The Cybersecurity and Infrastructure Security Agency (CISA) has issued new instructions, under an Emergency Directive, to government agencies that use on-premises Exchange systems. Although Microsoft stated that 92% of the Exchange servers affected by the critical vulnerabilities have now been patched or had mitigations applied, CISA instructed agencies to run Microsoft malware scanners.
ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
A few days ago, Microsoft stated that Microsoft Defender Antivirus and System Center Endpoint Protection will now automatically mitigate vulnerable Exchange servers. According to the directive, all federal agencies that have had an Exchange server since January 1, 2021, should run the scanner. CISA stated:
“Although federal agencies successfully responded to ED 21-02, which included initial efforts to forensically triage and rapidly update Microsoft Exchange servers hosted in the federal enterprise, CISA is directing additional actions to identify compromises that may remain undetected. Since the original issuance of ED 21-02, Microsoft has developed new tools and techniques to aid organizations in investigating whether their Microsoft Exchange servers have been compromised. CISA also identified Microsoft Exchange servers still in operation and hosted by (or on behalf of) federal agencies that require additional hardening.”