Cyber Alert: Mitigating Microsoft Exchange Server Vulnerabilities

March 10, 2021

Update as : FBI-CISA Joint Advisory on Compromise of Microsoft Exchange Server

U.S. Department of Health & Human Services - Office for Civil Rights (OCR) is sharing the following Updated Alert on Mitigating Microsoft Exchange Vulnerabilities from the Cybersecurity and Infrastructure Security Agency (CISA) to assist HIPAA covered entities and their business associates in addressing serious threats to Microsoft Exchange servers. Organizations are encouraged to review the information below and take appropriate action.

Action steps:

  1. Read the alert message and resources provided.
  2. Read CISA’s Remediating Microsoft Exchange Vulnerabilities webpage. (Click here to directly access Microsoft Exchange Server updates).
  3. Remediate according to CISA’s recommendations as soon as possible.

CISA is aware of threat actors using open-source tools to search for vulnerable Microsoft Exchange Servers and advises entities to investigate for signs of a compromise from at least September 1, 2020. CISA has updated the Alert on the Microsoft Exchange Server vulnerabilities with additional detailed mitigations.

CISA encourages administrators to review the updated Alert and the Microsoft Security Update and to apply the necessary updates as soon as possible, or to disconnect vulnerable Exchange servers from the internet until the necessary patch is made available.

In a prior cybersecurity newsletter, OCR provided information on zero-day vulnerabilities.
