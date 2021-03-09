FILE PHOTO: The Microsoft sign is shown on top of the Microsoft Theatre in Los Angeles, California, U.S., Oct. 19,2018. REUTERS/Mike Blake/File Photo

NEW YORK (WWTI) — The New York State Department has issued an alert regarding cybersecurity on Microsoft Exchange email servers.

A letter was issued to all DFS regulated entities on Tuesday. According to the DFS this is following the discovery of cybersecurity vulnerabilities in Microsoft Exchange server.

Specifically, on March 2, 2021 Microsoft reported the discovery of four vulnerabilities in servers from 2013 ad later, including 2016 and 2019. The DFS stated that vulnerable servers appeared to host Web versions of Microsoft’s email program, Outlook, on their own machines instead of cloud providers.

The DFS claimed that thousands of organizations have been compromised due to these incidents.

The Department stated the following in its industry letter issued on Tuesday, March 9, 2021.

The Department of Financial Services (“DFS”) urges all regulated entities with vulnerable Microsoft Exchange services to act immediately. Regulated entities should immediately patch or disconnect vulnerable servers, and use the tools provided by Microsoft to identify and remediate any compromise exploiting these zero-day vulnerabilities. The U.S. Department of Homeland Security Cybersecurity & Infrastructure Security Agency (“CISA”) has also released a current activity update outlining how to search for a compromise.

Adding,

Regulated entities should immediately assess the risk to their systems and consumers, and take steps necessary to address vulnerabilities and customer impact. The assessment should identify internal use of vulnerable Microsoft Exchange products and any use of these products by critical third parties. Regulated entities should also continue to track developments in this compromise and respond quickly to new information.

This letter was issued to Chief Executive Officers, Chief Information Officers, Chief Information Security Officers, Senior Information Officers, and Data Privacy Officers of all New York State Department of Financial Services Regulated Entities.