DOD Issues Cyber Tasking Order to Address Vulnerabilities in Microsoft’s Exchange Software
The Joint Force Headquarters–Department of Defense Information Network, in coordination with the Cybersecurity and Infrastructure Security Agency, has issued a cyber tasking order in response to the zero-day vulnerabilities found in Microsoft’s Exchange software.
While DOD spokesman Russell Goemaere opted not to share specifics of the order, he said it requires all defense agencies and the commands directing them to take actions necessary to protect DOD networks and information technology systems.
The DOD’s cyber tasking order applies to military networks and expands on an emergency directive that CISA issued to civilian agencies, FCW reported Tuesday.
CISA’s Emergency Directive 21-02 instructs federal civilian agencies and departments running Microsoft Exchange on-premises products to update or disconnect the products from their networks until they have installed the security patch released by Microsoft. It also requires agencies to conduct forensic analysis if they are able to do so.
During his appearance at a panel hosted by the Center for Strategic and International Studies, CISA’s Eric Goldstein encouraged attendees to urgently look at the emergency directive.
According to Goldstein, the Microsoft Exchange Server hack “reflects the fact that, big or small, all organizations face significant cybersecurity risks.”
The vulnerabilities discovered in Microsoft’s Exchange software affect on-premises Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. According to a ZDNet report, these vulnerabilities can be exploited to perform server hijacking, data theft and potentially further malware deployment.
The DOD is poised to take greater action to address the vulnerabilities. Goemaere told FCW that the department is already coordinating with the National Security Agency on further steps to protect its networks.