White House press secretary Jen Psaki announced that it was “an active threat,” and pointed to the Department of Homeland Security’s emergency directive from March 3rd.
White House national security adviser Jake Sullivan warned about it as well, as did former Cybersecurity and Infrastructure Security Agency director Christopher Krebs and the White House National Security Council.
CISA is aware of widespread domestic and international exploitation of Microsoft Exchange Server vulnerabilities and urges scanning Exchange Server logs with Microsoft's IOC detection tool to help determine compromise. https://t.co/khgCR2LAs0. #Cyber #Cybersecurity #InfoSec
— US-CERT (@USCERT_gov) March 6, 2021
Hackers reportedly installed malware that allows direct entry and re-entry into the servers.
“We are undertaking a whole of government response to assess and address the impact,” reads part of an email from a White House official, according to Bloomberg.
What’s the Damage?
On March 2nd, Microsoft made patches available for on-premises Microsoft Exchange Server versions 2010 to 2019. The global security community is still analyzing the scope of the damage.
Uncertainty remains about how long the vulnerabilities have existed. Support for the server stopped in 2010. Microsoft provided a “freebie” patch to users. Some security researchers are wondering whether these vulnerabilities have gone undetected in the Microsoft Exchange Server code base for over a decade.