May 11, 2021

Volume XI, Number 131

Advertisement

May 11, 2021

Subscribe to Latest Legal News and Analysis

May 10, 2021

Subscribe to Latest Legal News and Analysis

NSA Issues New Warning About Four Critical Patches to Microsoft Exchange Servers

The National Security Agency (NSA) recently issued a warning to private industry about four zero-day vulnerabilities in Microsoft Exchange Server versions 2013, 2016, and 2019 used on-premises. The NSA recommends immediate patching of the vulnerabilities before they are exploited by threat actors.

The vulnerabilities could lead to remote execution of code that would allow threat actors to take full control of the Exchange Servers and have access to, and control of, entire networks. Two of the vulnerabilities can be exploited remotely without any user interaction (which means that there is no need for phishing or other types of scams to get employees to do something to introduce the code into the system). The NSA has rated the vulnerabilities as highly critical.

Following the discovery of the vulnerabilities, the Cybersecurity and Infrastructure Security Agency ordered patching of all federal agency on-premises affected Exchange Servers and has instructed agencies to remove from federal networks any servers that are unable to be patched.

Patches for the vulnerabilities were released this week by Microsoft on Patch Tuesday. IT professionals may wish to consider the warning by NSA when prioritizing those patches.

Advertisement
Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 112
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement