
CISA orders agencies to fix Microsoft vulnerabilities abused by Chinese hackers

Agencies must patch or disconnect the vulnerable software

CISA has ordered US federal civilian agencies to tackle Microsoft flaws suspected to be involved in a Chinese spying campaign. Agencies must act by the end of the week. 

The order requires agencies to either apply security fixes for the vulnerabilities in Microsoft Exchange Server or, if the system is compromised, disconnect the program until they can reconfigure it securely.

The US agency's Emergency Directive 21-02, "Mitigate Microsoft Exchange On-Premises Product Vulnerabilities," was issued yesterday.

It said that its partners had “observed active exploitation of vulnerabilities in Microsoft Exchange on-premises products”.

"Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network," the agency said.

It added that the vulnerabilities present an "unacceptable risk to Federal Civilian Executive Branch agencies".

Agencies will have to forensically triage artifacts, using collection tools to gather system memory, system web logs, Windows event logs, and all registry hives. If agencies find no indications of compromise, they must immediately apply Microsoft patches for Microsoft Exchange servers.

"This Emergency Directive remains in effect until all agencies operating Microsoft Exchange servers have applied the available patch or the Directive is terminated through other appropriate action," the agency added.

Microsoft’s disclosure of significant Exchange Server software vulnerabilities brings to the fore certain challenges and themes seen simmering under the surface for a long time in national cyber security.

Steve Forbes, government cyber security expert at Nominet, said there’s a tendency to treat cyber security issues between the private and public sectors as separate silos.

“However, these vulnerabilities demonstrate how flawed that view is. Not only are governments susceptible to software vulnerabilities like any business, but they also face the debate of how extensively to use cloud providers. While historically there has been a perception that it is more secure and robust to run your own infrastructure, this is a good example of where the opposite is true,” Forbes said.

Forbes said CISA’s directive is the latest in a series of increasingly regular emergency directives the agency has issued since its establishment two years ago. 

“Vulnerabilities like these demonstrate the necessity for these coordinated national protective measures to efficiently and effectively mitigate the effects of attacks that could have major national security implications,” he said.
