Skip to main content

Microsoft Exchange emergency patch has raised eyebrows at the White House

representational image of a cloud firewall
(Image credit: Pixabay)

The White House says it is following the release of a new emergency patch from Microsoft with interest.

“We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities,” Jake Sullivan national security adviser to President Biden said on Twitter.

Concerns around cybersecurity among politicians have risen in recent months, particularly following the SolarWinds hack, which saw several branches of the US government targeted by still-unknown attackers, and the recent attack on Microsoft Exchange email servers.

Multiple threats

Earlier this week, it was revealed that security researchers had identified a “highly skilled and sophisticated” Chinese state-sponsored threat attack that used exploits in Microsoft Exchange.

The vulnerabilities have now been patched, with Microsoft urging all its business customers to update their Exchange server installations - a call echoed by Sullivan in his tweet.

The attackers, named Hafnium by the Microsoft Threat Intelligence Center (MSTIC) attacked targets in the United States. While it’s based in China, it uses leased Virtual Private Servers (VPS) in the US to run its malicious operations.

It is the second major cyberattack to target Microsoft systems in recent months, following the attack on SolarWinds in December 2020, where as well as multiple private companies being affected, nine federal agencies were also compromised.  

The SolarWinds hack has been called the “largest and most sophisticated attack the world has ever seen.” The breach involved SolarWinds Orion network monitoring software, which is used by an estimated 18,000 customers. Among these, it is believed that a smaller number of targets were subjected to follow-up intrusions.

Microsoft itself was targeted heavily by the SolarWinds attackers, who attempted to access and steal the source code behind some of the company's most popular products. However the company said it was able to block most of the attempts using its in-house Microsoft Defender software.

Via Reuters