Federal agencies ordered to patch systems immediately following flaw in Microsoft app

Greg Nash

The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday ordered federal agencies to immediately investigate, patch or disconnect their systems running a Microsoft email server product after the company disclosed vulnerabilities being exploited by Chinese state-sponsored hackers.

CISA issued an emergency directive ordering agencies to “triage” whether their Microsoft Exchange Server systems have been compromised through the new vulnerabilities, to collect “forensic images” of any systems that have been, and then to either patch their Exchange servers or immediately disconnect them from the network.

The order came the day after Microsoft warned that a Chinese state-sponsored hacking group known as Hafnium was attempting to take advantage of previously unknown vulnerabilities in the email application Exchange Server. 

Microsoft described the group as a “highly skilled and sophisticated actor,” and noted that it had previously targeted groups across multiple fields, including law firms, think tanks, defense contractors and infectious disease researchers. 

The company urged organizations running Microsoft Exchange Server to apply the security updates promptly so that the Chinese hackers, and any other malicious actors now aware of the flaws, could not use them to access their systems.

Acting CISA Director Brandon Wales said in a statement Wednesday that the emergency directive would help address the danger the newly discovered vulnerabilities pose to federal networks.

“This Emergency Directive will help us secure federal networks against the immediate threat while CISA works with its interagency partners to better understand the malicious actor’s techniques and motivations to share with our stakeholders,” Wales said. 

“The swiftness with which CISA issued this Emergency Directive reflects the seriousness of this vulnerability and the importance of all organizations – in government and the private sector – to take steps to remediate it,” he added.

CISA issued the directive after consulting with Microsoft, the National Security Agency and other security researchers to determine the best ways to approach the security flaws. Microsoft had released patches for the vulnerabilities on Tuesday, alongside its warning about the attacks.

House Homeland Security Committee ranking member John Katko (R-N.Y.) said in a statement Wednesday that he saw the directive as an “important first step,” but urged further action to fully address the incident. 

“This appears to be yet another significant cyber incident impacting a wide range of potential victims within the government and the private sector,” Katko said. “The intent of Chinese-backed hackers to exploit vulnerabilities like this across American infrastructure is sadly nothing new.”

“There is still much more to learn about the extent of this cyber campaign,” he added. “My team is in touch with CISA, and I look forward to formal briefings in the near future.”

CISA has only issued emergency directives a handful of times since its establishment in 2018. 

The agency’s previous emergency directive was put out following the discovery of the breach that has become known as the SolarWinds hack, with CISA ordering all agencies to immediately disconnect or power down affected SolarWinds Orion products from IT group SolarWinds.

The hack, which U.S. intelligence officials have said was “likely” carried out by Russia, compromised at least nine federal agencies and 100 private sector groups, including both the Department of Homeland Security and Microsoft. 

CISA also issued an emergency directive last year ordering agencies to patch a critical vulnerability in Microsoft Windows Server within 24 hours, citing evidence that hackers could use it to take control of critical systems.
