CISA Releases Supplemental Guidance on Emergency Directive for Microsoft Exchange Server Vulnerabilities

Original release date: March 31, 2021

CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening, requirements for federal agencies. Specifically, this update directs federal departments and agencies to run newly developed tools —Microsoft’s Test-ProxyLogon.ps1 script and Safety Scanner MSERT—to investigate whether their Microsoft Exchange Servers have been compromised.  

Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA encourages state and local governments, critical infrastructure entities, and other private sector organizations to review the supplemental direction and the following resources for additional information:

This product is provided subject to this Notification and this Privacy & Use policy.

Citrix Releases Security Updates for Hypervisor

Original release date: March 31, 2021

Citrix has released security updates to address vulnerabilities in Hypervisor (formerly XenServer). An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review Citrix Security Update CTX306565 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

VMware Releases Security Updates

Original release date: March 31, 2021

VMware has released security updates to address multiple vulnerabilities affecting vRealize Operations, Cloud Foundation, and vRealize Suite Lifecycle Manager. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-004 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Updates for Chrome

Original release date: March 31, 2021

Google has released Chrome version 89.0.4389.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
 
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates 

Original release date: March 26, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. 

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates. 

•    watchOS 7.3.3
•    iOS 12.5.2 
•    iOS 14.4.2 and iPadOS 14.4.2 

This product is provided subject to this Notification and this Privacy & Use policy.

OpenSSL Releases Security Update

Original release date: March 26, 2021

OpenSSL has released a security update to address vulnerabilities affecting versions 1.1.1–1.1.1j. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates

Original release date: March 25, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

Samba Releases Security Updates

Original release date: March 25, 2021

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Samba Security Announcements for CVE-2020-27840 and CVE-2021-20277 and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

Webshells Observed in Post-Compromised Exchange Servers  

Original release date: March 25, 2021

CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each new MAR (AR21-084A and AR21-084B) identifies a webshell observed in post-compromised Microsoft Exchange Servers. After successful exploiting a Microsoft Exchange Server vulnerability for initial accesses, a malicious cyber actor can upload a webshell to enable remote administration of the affected system.

CISA has also updated seven previously released MARs. The updated MARs now include an additional CISA-developed YARA rule to help network defenders detect associated malware.

CISA encourages users and administrators to review the following resources for more information:

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: March 24, 2021

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 87, Firefox ESR 78.9, and Thunderbird 78.9.

This product is provided subject to this Notification and this Privacy & Use policy.