Last week, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) issued an urgent warning of a vulnerability related to Microsoft Exchange on-premises products. A vulnerability in on-premises Exchange Servers will allow an attacker to gain “persistent system access and control of an enterprise network.” This vulnerability is currently not known to affect Microsoft 365 or Azure Cloud deployments.
The IAFC recommends that fire chiefs discuss this vulnerability with their IT departments. As many as 30,000 organizations across the United States may be affected by this vulnerability, including local governments.
CISA recommends that all organizations using Microsoft Exchange on-premises products must:
If unable to patch, remove the products from the network immediately; and
Upgrade to the latest supported version of Microsoft Exchange.
In addition, CISA strongly encourages partners to immediately disconnect any Microsoft Exchange systems suspected of being compromised.
This is a serious compromise to an onsite Microsoft Exchange server. CISA warns that, Exploitation of this vulnerability before patch installation permits an adversary to gain persistent access to and control of entire enterprise networks which is likely to persist even after patching.”