- CISA partners have observed active exploitation of vulnerabilities in Microsoft Exchange on-premises products. Neither the vulnerabilities nor the identified exploit activity is currently known to affect Microsoft 365 or Azure Cloud deployments. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.
- CISA will continue to work with our partners to monitor for active exploitation associated with these vulnerabilities.
- CISA will release additional indicators of compromise as they become available.
- CISA will provide technical assistance to agencies without internal capabilities to comply with this directive.
- CISA will provide additional guidance to agencies via the CISA website, through an emergency directive issuance coordination call, and through individual engagements upon request (via [email protected]).
- By April 5, 2021, CISA will provide a report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) identifying cross-agency status and outstanding issues.
CISA Emergency Directive 21-02 | March 3, 2021
