News Flash Home
The original item was published from 3/8/2021 2:32:39 PM to 3/16/2021 12:00:02 AM.

News Flash

MML eBulletin

Posted on: March 8, 2021

[ARCHIVED] Municipal Cybersecurity Threat Alert


The Cybersecurity and Infrastructure Security Agency (CISA) has identified a serious threat in unpatched Microsoft Exchange servers to businesses, local governments, and infrastructure managers and has requested NLC's assistance in sharing information about that threat and mitigating steps in its emergency directive widely. Please share this information with your IT teams, member city networks, and vendor partners as soon as possible.  Information and updates about this threat and the Emergency Directive are available at You can download a simple one-pager for use by both nontechnical city leaders and IT teams here (it is the first link under “Alerts and Guidance”).


The seriousness of this vulnerability cannot be overstated; the exploitation of it is widespread and is indiscriminate. This vulnerability is already being actively exploited in many thousands of systems and could allow criminal actors to engage in acts threatening to continuity of operations, such as ransomware, even after patching Microsoft Exchange. Please immediately speak with your IT officials to determine what steps your organization has taken, and if your organization does not have the technical capability to verify network integrity, please consider bringing in a third party to assist you as soon as possible.


Everyone using Microsoft Exchange on-premise products needs to immediately:


  • Check for signs of compromise; 
  • If evidence of compromise is found, assume that your organization’s network identity has been compromised and begin incident response procedures;
  • Patch Microsoft Exchange with the vendor released patches; 
  • If unable to patch immediately or remove the Microsoft Exchange from the network immediately, CISA strongly recommends following alternative mitigations found in Microsoft’s blog on Exchange Server Vulnerabilities Mitigations. This should not be taken as an adequate solution for patching. 


Response to indicators of compromise are essential to eradicate adversaries already on your network and must be accomplished in conjunction with measures to secure the Microsoft Exchange environment. Patching an already compromised system will not be sufficient to mitigate this situation; therefore, CISA strongly encourages partners to immediately disconnect any Microsoft Exchange systems suspected of being compromised.


Please contact CISA for any questions or to report an incident regarding this vulnerability at


Again, CISA has emphasized  that they are deeply concerned about the extent to which this vulnerability is already actively being exploited and that time is of the essence to prevent serious harm to local government targets. Please take the aforementioned steps to protect your own networks and share this information widely.

Facebook Twitter Email