The White House has urged computer network operators to take additional steps to work out if their systems were targeted by a hack of Microsoft’s Outlook email program, saying a recent software patch still left serious vulnerabilities.
- The Microsoft fix for the hack still leaves a so-called back door open to compromised servers
- Top US security officials are working to decide what next steps to take following the breach
- A source told Reuters more than 20,000 US organisations have been compromised by the hack
“This is an active threat still developing and we urge network operators to take it very seriously,” a White House official said in a statement.
Top US security officials were working to decide what next steps to take following the breach.
The White House official said the administration was making “a whole-of-government response.”
While Microsoft released a patch last week to shore up flaws in its email software, the remedy still leaves open a so-called back door that can allow access to compromised servers and perpetuating further attacks by others.
A source told Reuters more than 20,000 US organisations had been compromised by the hack, which Microsoft has blamed on China, although Beijing denies any role.
The back channels for remote access can impact credit unions, governments and small businesses.
It has left US officials scrambling to reach victims, with the FBI urging affected people to contact the law enforcement agency.
Those affected appear to host web versions of Microsoft’s email program Outlook on their own machines instead of cloud providers, possibly sparing many major companies and federal government agencies, records from the investigation suggest.
A Microsoft representative said it was working with the government and others to help guide customers, and the company urged impacted clients to apply software updates as soon as possible.
Neither the company nor the White House has specified the scale of the hack.
Microsoft initially said it was limited, but the White House expressed concern about the potential for “a large number of victims.”
So far, only a small percentage of infected networks have been compromised through the back door, the source previously told Reuters, but more attacks were expected.