Manchester Municipal Risk Management Authority


Member Login




Upcoming Meetings
04.20.21 Facilities Management Committee Meeting
05.11.21 Technology & Cyber Security Advisory Committee Meeting
06.10.21 Administrative Advisory Committee Meeting
06.11.21 Parks & Recreation Committee Meeting
06.15.21 DPS Advisory Committee Meeting
07.13.21 Technology & Cyber Security Advisory Committee Meeting

Featured Training
04.22.21 Virtual Learning Lab - Ransomware Attacks
04.27.21 Drone Series: Michigan Unmanned Aircraft Systems Act 436 of 2016
05.03.21 Tactical Encounters for Patrol Officers
05.06.21 Tactical Encounters for Patrol Officers
05.11.21 Drone Series: Why do I need a pilot's license to fly a drone?
05.25.21 Virtual Learning Lab - Enhancing Communities Using Internet of Things
05.27.21 Solo Response to Active Shooter
06.22.21 Virtual Learning Lab - Incident Reporting Done Right
07.20.21 Virtual Learning Lab - The Effects of Climate Change and How to Safeguard Your Community


What's New/Hot Topic From MMRMA to You
Updated 3/31/21: Microsoft Exchange Vulnerability
MMRMA recommends members contact their Information Technology staff or service provider to assist in applying any needed Microsoft Exchange updates.


April 2021 Risk Journal
Next in our cyber risk series explores the critical nature of regular hardware and software updates. We also summarize recent additions to our RAP/CAP grant funding for training and certifications in the areas of planning, facilities management, and IT. Plus: some highlights from our first ever Virtual Learning Lab, which took place on March 4.

February 2021 Risk Journal
Our series on cyber risk management continues with a look at the benefits and characteristics of cybersecurity assessments. We also preview MMRMA's Virtual Learning Lab, which offers members remote training and networking remotely the ongoing pandemic.

Updated 3/31/21: Microsoft Exchange Vulnerability

Posted: Wednesday, March 31, 2021

Updated March 31, 2021

With the prevalence of Microsoft products in offices everywhere, many members could be using Microsoft Exchange Server. Recently identified vulnerabilities are related to a series of ongoing attacks, and Microsoft continues to address the situation through security updates.

CISA

On March 31, 2021, the national Cybersecurity and Infrastructure Security Agency (CISA) released this statement about the issue:

CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening, requirements for federal agencies. Specifically, this update directs federal departments and agencies to run newly developed tools —Microsoft’s Test-ProxyLogon.ps1 script and Safety Scanner MSERT—to investigate whether their Microsoft Exchange Servers have been compromised.  

Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA encourages state and local governments, critical infrastructure entities, and other private sector organizations to review the supplemental direction and the following resources for additional information:

Microsoft

Please also see this blog post from Microsoft for more information. It was most recently updated on March 25, 2021, and Microsoft continues to add information as this emerging cyber exposure continues to develop:

https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

The post provides background, links to mitigation instructions, and these details about the affected systems:

The vulnerabilities affect Exchange Server versions 2013, 2016, and 2019, while Exchange Server 2010 is also being updated for defense-in-depth purposes. Exchange Online is not affected.

MMRMA recommends that members contact their Information Technology staff or service provider to assist in applying the appropriate updates to their Microsoft Exchange Servers.

Regularly scheduled computer system updates are an integral part of technology and cybersecurity risk management. The April 2021 issue of the Risk Journal will feature an article that explores this area further and explains the risks that can arise when organizations do not update hardware and software on an ongoing basis.




« Return to Hot Topic Page


Michigan Municipal Risk
Management Authority

14001 Merriman Road
Livonia, MI 48154
734.513.0300
800.243.1324

MMRMA has been a leader in municipal risk since 1980 and remains committed to meeting the ever-expanding challenges faced by its membership. MMRMA's risk control services are designed to help its members identify, prevent, and mitigate losses through on-site surveys, training, and other services. MMRMA also provides its members with premier claims and legal services, sound financial management, and essential news on the latest developments in public risk management.


ABOUT MMRMA  |  RISK MANAGEMENT  |  MEETINGS  |  TRAINING  |  RESOURCES  |  SUBSCRIBE  |  MEMBER LOGIN  |  BECOME A MEMBER  |  CONTACT US  |  SITE MAP


site by wedü