Update to Alert on Mitigating Microsoft Exchange Server Vulnerabilities 4 Mar 2021, 9:08 pm

CISA is aware of threat actors using open source tools to search for vulnerable Microsoft Exchange Servers and advises entities to investigate for signs of a compromise from at least September 1, 2020. CISA has updated the Alert on the Microsoft Exchange server vulnerabilities with additional detailed mitigations. 
 
CISA encourages administrators to review the updated Alert and the Microsoft Security Update and apply the necessary updates as soon as possible or disconnect vulnerable Exchange servers from the internet until the necessary patch is made available.

Joint NSA and CISA Guidance on Strengthening Cyber Defense Through Protective DNS 4 Mar 2021, 6:50 pm

The National Security Agency (NSA) and CISA have released a Joint Cybersecurity Information (CSI) sheet with guidance on selecting a protective Domain Name System (PDNS) service as a key defense against malicious cyber activity. Protective DNS can greatly reduce the effectiveness of ransomware, phishing, botnet, and malware campaigns by blocking known-malicious domains. Additionally organizations can use DNS query logs for incident response and threat hunting activities.

CISA encourages users and administrators to consider the benefits of using a protective DNS service and review NSA and CISA’s CSI sheet on Selecting a Protective DNS Service for more information.

Cisco Releases Security Updates 4 Mar 2021, 4:13 pm

Cisco has released security updates to address a vulnerability in multiple Cisco products. An attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-snort-ethernet-dos-HGXgJH8n and apply the necessary updates.

VMware Releases Security Update 4 Mar 2021, 4:12 pm

VMware has released a security update to address a vulnerability in View Planner. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0003 and apply the necessary update.  

CISA Issues Emergency Directive and Alert on Microsoft Exchange Vulnerabilities 3 Mar 2021, 8:14 pm

CISA has issued Emergency Directive (ED) 21-02 and Alert AA21-062A addressing critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network. 

CISA strongly recommends organizations examine their systems to detect any malicious activity detailed in Alert AA21-062A. Review the following resources for more information:

• CISA Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
• AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
• Microsoft Security Blog Post: Multiple Security Updates Released for Exchange Server

Google Releases Security Updates for Chrome 3 Mar 2021, 5:10 pm

Google has released Chrome version 89.0.4389.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. 

Microsoft Releases Out-of-Band Security Updates for Exchange Server 2 Mar 2021, 10:41 pm

Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065—to take control of an affected system and can exploit one vulnerability—CVE-2021-26855—to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild.

CISA encourages users and administrators to review the Microsoft blog post and apply the necessary updates or workarounds.

NSA Releases Guidance on Zero Trust Security Model 26 Feb 2021, 1:47 pm

The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that assumes breaches are inevitable or have already occurred.

CISA encourages administrators and organizations review NSA’s guidance on Embracing a Zero Trust Security Model to help secure sensitive data, systems, and services.

Cisco Releases Security Updates  25 Feb 2021, 12:08 pm

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
 
CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

• Cisco Application Services Engine Unauthorized Access Vulnerabilities cisco-sa-case-mvuln-dYrDPC6w
• Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability cisco-sa-3000-9000-fileaction-QtLzDRy2
• Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability cisco-sa-mso-authbyp-bb5GmBQv

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox 24 Feb 2021, 3:54 pm

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.
 
CISA encourages users and administrators to review the Mozilla security advisories for Firefox 86, Firefox ESR 78.8, and Thunderbird 78.8 and apply the necessary updates.