White House Warns of Increasing Victims: Microsoft Server Compromise

Sam Bloedow
open lock unsafe

On Tuesday, March 2, Microsoft Corp. released fixes to plug four security holes that attackers have been using to exploit Microsoft Exchange Server 2013, 2016 and 2019.  The company says all four flaws are being actively exploited as part of a complex attack chain deployed. 

Jen Psaki, White House press secretary, said last Friday that there was currently an “active threat” from hackers exploiting four flaws in Microsoft’s Exchange email application, which the tech group disclosed earlier this week.

“This is a significant vulnerability that could have far-reaching impacts,” Psaki said. “We are concerned that there are a large number of victims and are working with our partners to understand the scope.”

Brian Krebs, a cybersecurity researcher, claimed in a blog post last Friday that at least 30,000 organizations “including a significant number of small businesses, towns, cities and local governments” had been hacked in the past few days following Microsoft’s disclosure, citing multiple sources briefed on the matter.

By now, your IT group should have already informed you they know about the vulnerability and are working on it. If not, companies should immediately notify their IT group to audit and align their Exchange servers with the released updates. While the vulnerabilities are not impacting Microsoft 365 services, companies often leave Exchange servers set up to work in conjunction with Microsoft 365, leaving the vulnerability present.

Download: What Good IT Support Looks Like eBook

As technology continues to evolve, so does the need for strategic guidance. That’s why for the last 20+ years, Thriveon has deployed an approach that proactively eliminates IT risk and supports business growth.  

Managed IT Services button - click to download e-book

STAY UP TO DATE

Subscribe to our email updates

STAY UP TO DATE

Subscribe to our email updates