WASHINGTON (Reuters) – The White House urged computer network operators on Sunday to take further steps to gauge whether their systems were targeted amid a hack of Microsoft Corp’s Outlook email program, saying a recent software patch still had serious vulnerabilities.
“This is an active threat that is still evolving and we urge network operators to take it very seriously,” said a White House official, adding that top US security officials were deciding what next steps to take. take action after the infringement.
CNN reported separately on Sunday that the Biden administration was forming a task force to address the hack. The White House official said in a statement that the government gave “quite a government response.”
While Microsoft released a patch last week to fix flaws in its email software, the remedy still leaves a so-called back door open that can allow access to compromised servers and perpetuate further attacks from others.
“We cannot stress enough that patching and mitigation is not a recovery when the servers have already been compromised, and it is essential that any organization with a vulnerable server takes action to determine if they have already been targeted,” said the White official. House.
A source already told Reuters that more than 20,000 US organizations had been compromised by the hack, which Microsoft has blamed on China, although Beijing has denied any role.
The back-end remote access channels can affect credit unions, city governments and small businesses, and have caused U.S. officials to rush to reach victims, with the FBI urging them to contact law enforcement on Sunday.
Those affected appear to be hosting web versions of Microsoft’s Outlook email program on their own computers rather than cloud providers, potentially sparing many large corporations and federal government agencies, data from the study suggests.
A Microsoft representative said on Sunday that it was working with the government and others to help customers, and the company urged affected customers to apply software updates as soon as possible.
Neither the company nor the White House has specified the scope of the hack. Microsoft initially said it was limited, but the White House expressed concern last week about the potential for “a high number of victims.”
So far, only a small percentage of infected networks have been compromised through the back door, the source previously told Reuters, but more attacks are expected.
Reporting by Jeff Mason; Additional reporting by Susan Heavey and Sarah N. Lynch in Washington and David French in New York; Editing by Lisa Shumaker