CISA Releases Supplemental Direction on Emergency Directive for Microsoft Exchange Server Vulnerabilities

Original release date: March 31, 2021CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening, requirements for federal agencies. Specifically, this update directs federal departments and agencies to run newly developed tools —Microsoft’s Test-ProxyLogon.ps1 script and Safety Scanner MSERT—to investigate whether their Microsoft Exchange Servers have been compromised.   Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA encourages state and local governments,...