More Information About Microsoft Exchange Vulnerability

March 9, 2021
Ken LaSala

Last week, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) issued an urgent warning of a vulnerability related to Microsoft Exchange on-premises products. A vulnerability in on-premises Exchange Servers will allow an attacker to gain “persistent system access and control of an enterprise network.” This vulnerability is currently not known to affect Microsoft 365 or Azure Cloud deployments.

The IAFC recommends that fire chiefs discuss this vulnerability with their IT departments. As many as 30,000 organizations across the United States may be affected by this vulnerability, including local governments.

CISA recommends that all organizations using Microsoft Exchange on-premises products must:

Check for signs of compromise;
Immediately patch Microsoft Exchange with the vendor released patch;

If unable to patch, remove the products from the network immediately; and
Upgrade to the latest supported version of Microsoft Exchange.

In addition, CISA strongly encourages partners to immediately disconnect any Microsoft Exchange systems suspected of being compromised.

CISA has released an Emergency Directive about this issue and a supplemental guidance

This is a serious compromise to an onsite Microsoft Exchange server. CISA warns that, Exploitation of this vulnerability before patch installation permits an adversary to gain persistent access to and control of entire enterprise networks which is likely to persist even after patching.”

Related News

SmartTech, Robotics, & the Future of Responder Health: What’s New At TSI?

November 20, 2024

SmartTech, Robotics, & the Future of Responder Health: learn what's new at TSI 2024 read more
U.S. House Passes Social Security Fairness Act (H.R. 82)

November 19, 2024

The House passes legislation to increase the Social Security benefit for many career fire and EMS personnel and their spouses read more
VCOS Announces Winner of the 2024 William F. Jenaway Illness & Injury Prevention Award

November 13, 2024

Ashburn Volunteer Fire & Rescue Department (AVFRD) recipient of the 2024 William F. Jenaway Illness & Injury Prevention Award. read more

Charged for Life: Lithium-ion battery safety messaging and resources

Spread the word about Lithium-ion battery safety Originally developed by the City of Toronto and Toronto Fire Services, these resources have been adapted for fire services across Ontario. With tailored messaging and resources, they empower communities to recognize risks, adopt safer ...

Response Considerations: Incidents Involving Crowds During the 2024 Presidential Election Period

As Election Day nears, the potential for unrest and other election-related issues remains. This document provides an overview of the current situation, highlighting the importance of continued interagency collaboration and operational coordination during this period. The United States Intelligence Community has ...

Evacuation Management 2-Day Course for Law & Fire Service Leaders

Are you ready? As first responders, we know we have to perform in challenging situations, and that there are scenarios we have never encountered ourselves. Do you have a plan to evacuate your city or county? Have you built the ...

FEMA's Hurricane Milton After the Storm Messaging Resource Toolkit

This toolkit provides multimedia resources quickly available for you to be able to share messaging to your community after Hurricane Milton. After the Storm Web Resources Hurricane Milton disaster declaration page on FEMA.gov in English and in Spanish. After the Storm Graphics, Social ...

Fire Service Quick Incident Response Workbook for Civil Unrest and Disturbance

Recognizing the challenges that fire chiefs can suddenly find themselves in, the International Association of Fire Chiefs, Homeland Security and Terrorism Committee set out to create a Fire Service Quick Incident Response Workbook for Civil Unrest and Disturbance to help IAFC member ...

You are not logged in.