The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday. Today, Microsoft released security updates for four Microsoft Exchange vulnerabilities discovered by the NSA. These vulnerabilities are capable of remote code execution, with two not requiring attackers to authenticate first. CISA believes that threat actors will reverse engineer the patches to create working exploits due to their severity and public disclosure. The agency believes that these vulnerabilities pose an unacceptable risk to the Federal enterprise.
Source: https://www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-until-friday-to-patch-exchange-servers/