The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has posted a new emergency directive calling on federal agencies to immediately patch or disconnect Microsoft Exchange servers. The directive follows a warning that Microsoft recently posted about major zero-day attacks on email servers. The zero-day is allegedly being exploited in the wild, posing a serious cybersecurity threat to US federal agencies.
The emergency directive states that, to mitigate any risks posed by the vulnerabilities, civilian federal agencies hosting on-premises Microsoft Exchange servers must either update their software with the newly released patches or take the services offline until they are able to do so. It also calls for agencies to gather forensic images and to search their networks for known indicators of compromise. The vulnerability is allegedly being leveraged by a nation-state group suspected to be operating out of China.