CISA issued an Emergency Directive (Emergency Directive 21-02) on Wednesday after Microsoft patched four zero-day Exchange bugs and warned of active exploitation in the wild.
According to Saryu Nayyar, CEO, Gurucul, “With organizations migrating to Microsoft Office 365 en masse over the last few years, it’s easy to forget that on-premises Exchange servers are still in service. Some organizations, notably in government, can’t migrate their applications to the cloud due to policy or regulation, which means we will see on-premises servers for some time to come.
CISA’s emergency directive is timely and appropriate, as these vulnerabilities are being exploited in the wild now – apparently by threat actors based in China. This is another case that shows how vital it is to keep up with security patches, and to make sure the organization’s security stack is up to the task of identifying novel attacks and remediating them quickly.