Anne Neuberger, the White House’s deputy national security advisor for cyber and emerging technologies, released a statement today requiring all Federal agencies to apply Microsoft’s new set of Exchange patches “immediately.”
Microsoft released the new patches today, which include “updates to protect against new vulnerabilities in on-premise Exchange Servers,” according to a Microsoft blog post. Neuberger said the Federal government “discovered and notified Microsoft on these vulnerabilities.” However, Microsoft said it has not seen these vulnerabilities used in any attacks against customers.
“We urge all owners and operators of Microsoft Exchange Servers to apply these latest patches immediately. The U.S. Government will lead by example – we are requiring all agencies to immediately patch their Exchange servers, as well,” Neuberger said. “Should these vulnerabilities evolve into a major incident, we will manage the incident in partnership with the private sector, building on the Unified Coordination Group processes established and exercised in the recent Microsoft Exchange incident.”
Microsoft also recommended an immediate patch update saying, “given recent adversary focus on Exchange, we recommend customers install the updates as soon as possible to ensure they remain protected from these and other threats.”
“This disclosure is an example of the responsible and transparent approach the U.S. government uses when handling vulnerabilities,” Neuberger added. “This is consistent with our expectations for how responsible governments and companies can work together to promote cybersecurity.”