Top
image credit: Pixabay

Microsoft Exchange CVEs more widely exploited than thought

March 4, 2021

The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning all government civilian departments and agencies running an on-premise Microsoft Exchange installation to update or disconnect the product as the impact of four newly disclosed vulnerabilities – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 – spreads.

The CISA has also called on US agencies to collect forensic images and search for known indicators of compromise (IOCs) in response to active exploitation of the vulnerabilities, which have prompted an out-of-sequence patch from Microsoft.

Read More on Computer Weekly