WASHINGTON (Reuters) – The White House on Sunday urged computer network operators to take further steps to assess whether their systems were attacked amid an attack on Microsoft Corp’s Outlook email program, saying a software patch recent still left serious vulnerabilities.
“This is an active threat that is still developing and we urge network operators to take it very seriously,” said a White House official, adding that top US security officials were there. working to decide what next steps to take after the rape.
CNN separately reported Sunday that the Biden administration was forming a task force to address the attack. The White House official, in a statement, said the administration was giving “a whole response from the government.”
While Microsoft released a patch last week to shore up flaws in its email software, the remedy still leaves open the so-called backdoor that can allow access to compromised servers and perpetuate more attacks from others.
“We cannot emphasize enough that patching and mitigation are not remediation if servers have already been compromised, and it is essential that any organization with a vulnerable server take action to determine whether they have already been attacked,” said the White House official. .
A source already told Reuters that more than 20,000 US organizations had been compromised by the attack, which Microsoft has blamed on China, although Beijing denies any role.
Secondary channels for remote access can affect credit unions, city governments, and small businesses, and have left U.S. officials scrambling to reach victims, with the FBI urging them Sunday to get in touch. with the law enforcement agency.
Those affected appear to host web versions of Microsoft’s Outlook email program on their own machines rather than on cloud providers, possibly bypassing many major companies and federal government agencies, the investigation records suggest.
A Microsoft representative said Sunday that it was working with the government and others to help guide customers, and the company urged affected customers to apply software updates as soon as possible.
Neither the company nor the White House has specified the scale of the attack. Microsoft initially said it was limited, but the White House last week expressed concern about the potential for “a lot of casualties.”
So far, only a small percentage of infected networks have been compromised through the back door, the source previously told Reuters, but more attacks are expected.
Reporting by Jeff Mason; Additional reporting from Susan Heavey and Sarah N. Lynch in Washington and David French in New York; Edited by Lisa Shumaker