Original release date: March 31, 2021
CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening, requirements for federal agencies. Specifically, this update directs federal departments and agencies to run newly developed tools —Microsoft’s Test-ProxyLogon.ps1 script and Safety Scanner MSERT—to investigate whether their Microsoft Exchange Servers have been compromised.
Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA encourages state and local governments, critical infrastructure entities, and other private sector organizations to review the supplemental direction and the following resources for additional information:
This product is provided subject to this Notification and this Privacy & Use policy.
CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security…
CISA released two Industrial Control Systems (ICS) advisories on October 2, 2025. These advisories provide…
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released ten Industrial Control Systems (ICS) advisories on September 30, 2025. These advisories provide…
The Cybersecurity and Infrastructure Security Agency (CISA) announced that it has transitioned to a new…
This website uses cookies.