Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

CISA, NSA offer guidance to better protect Microsoft Exchange Servers

(Sam Torres / Unsplash)

By Matt Kapko

Cybersecurity experts from multiple federal agencies released guidance to help organizations bolster their defenses against attacks on on-premises Microsoft Exchange Servers, resurfacing and building upon previously shared advice that generally applies to most technology.

The Cybersecurity and Infrastructure Security Agency said the security blueprint for Microsoft Exchange Server is a follow-up effort to an emergency directive the agency released in August for CVE-2025-53786, a high-severity defect affecting on-premises Microsoft Exchange servers. CISA jointly issued the guide Thursday with the National Security Agency and cyber agencies in Australia and Canada.

Nick Andersen, executive assistant director for cybersecurity at CISA, said the guidance isn’t in response to any specific vulnerability or attack, but rather reflects that organizations are under constant threat. “Many organizations depend on Microsoft Exchange to perform these critical communication functions, and that necessitates a strong degree of protection from malicious actors,” he said during a media briefing Thursday.

Read more at CyberScoop

Click to listen highlighted text!