WASHINGTON (Reuters) – The White House on Sunday urged computer network operators to take additional steps to assess whether their systems were targeted amid a hack from Microsoft Corp’s Outlook email program, saying a patch of Recent software still leaves serious vulnerabilities.
“This is an active threat still under development and we ask network operators to take it very seriously,” said a White House official, adding that top US security officials are working to decide what next steps to take. after the breach.
On Sunday, CNN reported separately that the Biden government was forming a task force to deal with the hack. The White House official, in a statement, said the government was giving “a general government response”.
Although Microsoft released a patch last week to correct flaws in its e-mail software, the remedy still leaves a so-called back door open that could allow access to compromised servers and perpetuate further attacks by others.
“We cannot emphasize enough that patching and mitigation are not remediation if the servers have already been compromised, and it is essential that any organization with a vulnerable server takes steps to determine whether they have already been targeted,” said the White House official.
A source has already told Reuters that more than 20,000 American organizations have been compromised by the hack, which Microsoft attributed to China, although Beijing denies any participation.
Support channels for remote access can affect credit unions, city governments and small businesses, and have left US officials struggling to reach victims, with the FBI urging on Sunday to contact the law enforcement agency.
Those affected appear to be hosting Web versions of Microsoft Outlook’s e-mail program on their own machines, rather than cloud providers, possibly saving many major companies and federal government agencies, the investigation records suggest.
A Microsoft representative said on Sunday that he is working with the government and others to help guide customers, and the company has asked affected customers to apply software updates as soon as possible.
Neither the company nor the White House specified the scale of the hack. Microsoft initially said it was limited, but the White House last week expressed concern about the potential for “a large number of victims”.
So far, only a small percentage of infected networks have been compromised through the back door, the source previously told Reuters, but more attacks are expected.
Jeff Mason reporting; Additional reporting by Susan Heavey and Sarah N. Lynch in Washington and David French in New York; Editing by Lisa Shumaker