News Insights: CISA Issues Emergency Directive 21-02 to Mitigate Microsoft Exchange On-Premises Product Vulnerabilities

Off Cyber Policy in the News, Featured,

CISA issued an Emergency Directive (Emergency Directive 21-02) on Wednesday after Microsoft patched four zero-day Exchange bugs and alerted re an active exploitation in the wild.

News Insights:

According to Saryu Nayyar, CEO, Gurucul, “With organizations migrating to Microsoft Office 365 en masse over the last few years, it’s easy to forget that on-premises Exchange servers are still in service.  Some organizations, notably in government, can’t migrate their applications to the cloud due to policy or regulation, which means we will see on-premises servers for some time to come.

CISA’s emergency directive is timely and appropriate, as these vulnerabilities are being exploited in the wild now – apparently by threat actors based in China.  This is another case that shows how vital it is to keep up with security patches, and to make sure the organization’s security stack is up to the task of identifying novel attacks and remediating them quickly.

About The Author

Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.

Privacy Policy