After Microsoft closed the Exchange vulnerabilities in March, the issue appeared to be resolved, at least going forward, despite several infections. But not all of the vulnerabilities had been discovered.
Microsoft must once again close vulnerabilities in its Exchange Server email program with an update. The company released updates for the 2013, 2016, and 2019 releases on Tuesday.
These releases were also affected by the vulnerabilities that Microsoft already closed with an update in March. The report of two of the four new problems came from the NSA.
Microsoft made it clear that it does not know of any malware that has actually exploited the vulnerabilities. However, the company recommended that the updates be installed immediately.
The White House ordered all US government agencies to promptly update their email servers. Deputy Security Adviser Anne Neuberger confirmed that the US government informed Microsoft of the vulnerability out of a sense of responsibility.
Intelligence agencies in particular look for security flaws to exploit. Within the US government there is a process for assessing whether a vulnerability could become too dangerous for the general public if the CIA kept it to itself.
The NSA discovered a security hole that led to WannaCry
The National Security Agency is responsible for cyber espionage abroad. In 2017, hackers took advantage of a security hole discovered by the intelligence agency to infect computers on a large scale with the WannaCry extortion software. Such programs encrypt the hard drive and demand payment to unlock it. At the time, British hospitals and display boards at Deutsche Bahn, among others, were affected by WannaCry. The National Security Agency was criticized for failing to close the security gap.
According to estimates by IT security experts, the Exchange vulnerabilities that became known in March led to the infection of tens of thousands of email servers worldwide. The attackers benefited in part from the fact that updates had to be installed manually; not all Exchange customers reacted quickly.
According to Microsoft’s assessment, the four vulnerabilities from the March update were initially exploited by Chinese hackers. Two different attackers joined in later. In the event of a successful attack via the vulnerabilities, data could have been accessed from the email system.
The FBI removes the malware by court order
Meanwhile, the US federal police agency, the Federal Bureau of Investigation (FBI), has removed malware from “hundreds of computers” in the United States that were infected through the security holes that became known in March. The US Department of Justice said some Exchange server operators were unable to delete the attackers’ backdoors in January and February.
Only servers that companies run themselves are affected by the vulnerabilities in Exchange. The online versions of the Exchange services were already protected.
In the big batch of security updates, Microsoft closed more than 100 vulnerabilities on Tuesday, including in the Windows operating system, Edge web browser, and Office software programs.