CISA ALERT – Mitigate Microsoft Exchange Server Vulnerabilities
Craig Peterson: Hi, everybody. This is a quick live one. We’ve got some bad news from the federal government about Microsoft that just came out earlier today. The CISA, who is in charge of all security for all federal government systems, told them to shut down all Microsoft Exchange servers. They have to shut them down or patch them with this latest set of patches that just came up from Microsoft.
[00:00:30] There is a huge security vulnerability, and this vulnerability means that anybody can do anything. The hackers can pretend they are the server. How’s that for the bad news? And this not only applies to federal government agencies but applies to anybody doing business with the feds, including our friends who are DOD subcontractors or sub-subcontractors.
[00:01:00] Now, the order goes so far as to tell them that they need to capture all of the memory on the machine. Do an exact copy of all of the device’s memory. Yeah, the Microsoft, yeah, exactly, Exchange server. And a snapshot also of the disks before and after they cleaned them up. Because this has been exploited massively.
[00:01:30] So if you are using a Microsoft Exchange server, self-hosted, or you have it hosted at a third party, this is terrible news for you because you should immediately disconnect it entirely from the network. Double-check if you have been breached, and there are instructions on that. I’m going to point to CISA’s information.
[00:01:54] From my firstname.lastname@example.org or, of course, you can look it up online through a DuckDuckGo search, etc. There are instructions on exactly what to do, how to tell if it’s been hacked, and also to patch it up. So emergency klaxons are sounding here. This is a very, very bad thing. So follow up, follow up now.
[00:02:21] Because it is just so, so dangerous. Now, if you’re using Microsoft 365, formerly O365, or Office 365, apparently this bug does not exist in their online O365 environments. But, uh, you know, even if it does or doesn’t, there’s little that you can do about it. It’s in Microsoft’s hands. We have a client who is a DOD subcontractor.
[00:02:53] We’re doing all of the security work for them, and they have a shop that’s break-fix, and then also goes ahead and does some management services for them. They outsource the Microsoft SQL server, I mean the Microsoft Exchange server services, as well as SQL, but Exchange server to a third party. They probably won’t be able to comply with this order that came out of CISA because you need to snapshot all the memory, all the disk, all the, everything on the machine.
[00:03:24] So, check out CraigPeterson.com. I’m going to have it right there on the homepage. Lots of great information, scary information. This is being actively exploited in the wild, something we can’t put up with. All right. Check it out. CraigPeterson.com and shut off your Microsoft Exchange server immediately.
[00:03:47] And hopefully, you can do the capture of the memory and the disk and look and see if you’ve already been hacked and clean it up. Right. And then patch it up. Those are the steps you should be taking. Take care of your buddy. Bye-bye.
Cybersecurity & Infrastructure Security Agency – Alert (AA21-062A)
Mitigate Microsoft Exchange Server Vulnerabilities