Statement from Deputy National Security Advisor for Cyber & Emerging Technologies Anne Neuberger on New Microsoft Exchange Patches

Cybersecurity is a top priority for the Biden Administration and we’re committed to sharing actionable and timely information to help the American public operate safely online.

Microsoft released a set of Exchange patches today that are critical. We urge all owners and operators of Microsoft Exchange Servers to apply these latest patches immediately. The U.S. Government will lead by example – we are requiring all agencies to immediately patch their Exchange servers, as well. Should these vulnerabilities evolve into a major incident, we will manage the incident in partnership with the private sector, building on the Unified Coordination Group processes established and exercised in the recent Microsoft Exchange incident.

The U.S. government discovered and notified Microsoft on these vulnerabilities. The U.S. Government carefully weighs the national security, public, and commercial interests in deciding to disclose a vulnerability. Moreover, we recognize when vulnerabilities may pose such a systemic risk that they require expedited disclosure. This disclosure is an example of the responsible and transparent approach the U.S. government uses when handling vulnerabilities. This is consistent with our expectations for how responsible governments and companies can work together to promote cybersecurity.