Microsoft Exchange On-Premises Products Vulnerabilities
Excerpt from the FBI-CISA Joint Advisory: The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of on-premises Microsoft Exchange Servers (Exchange Online is not affected). Successful exploitation of the vulnerabilities could allow adversaries to compromise networks, steal information, encrypt data for ransom, or execute a destructive attack.
CISA encourages affected organizations to read the Federal Bureau of Investigation (FBI)-CISA Joint advisory for more information and the Microsoft Security Response Center and CISA’s Remediating Microsoft Exchange Vulnerabilities for mitigation and patching instructions.
- DHS Emergency Directive 21-02
- FBI-CISA Joint Advisory
- Microsoft Security Response Center
- Remediating Microsoft Exchange Vulnerabilities
- National Cyber Awareness System (NCAS): Includes listservs for alerts, notifications, and weekly bulletins from Cybersecurity Infrastructure Security Agency (CISA) NCAS (formerly US CERT). Weekly bulletins include a comprehensive list of new cyber vulnerabilities along with patch information when available.
- For example, the Alert AA21-062A was sent out last week regarding the Microsoft Exchange Server Vulnerability and the following were sent out today:
Cybersecurity and Cyber Safety Resources for Schools
- Transition to Distance Learning Creates Opportunities for Cyber Actors to Disrupt Instruction and Steal Data; This public Service announcement from the Federal Bureau of Investigation (FBI) presents information and numerous additional cybersecurity and cyber safety resources for schools as they address cybersecurity.
- Cybersecurity Considerations for K-12 Schools and School Districts: ED’s Readiness and Emergency Management for Schools (REMS) Technical Assistance (TA) Center provides this fact sheet provides information on threats facing school and school district networks and systems, preparing for threats, and cybersecurity’s relation to EOP development and planning.
- Cyber Safety Considerations for K-12 Schools and School Districts ED’s REMS TA Center provides this fact sheet with information on online threats to students, preparing for online threats to students, and cyber safety’s relation to EOP development and planning. (November 5, 2017).
- Keeping Students Safe Online During School at Home (June 8 2021): An informational piece disseminated June 8, 2020, describing the threat and actions school communities (including students, staff, and families) can take to help continually protect against, prevent, and mitigate, be ready to respond and recovery from possible incidents alongside resources. The TA piece incudes resources from DHS and CISA. Following are additional informational pieces shared:
- Digital Learning Guides, ED’s Office of Educational Technology (OET) has a series of guides supporting the school leaders, teachers and families.