Thousands of Microsoft Exchange servers are at risk of hackers even after applying for redress, a senior US cybersecurity chief said Monday, citing information from cybersecurity companies.
Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, said the owners of the email servers were at risk before Microsoft Corp. released a patch about three weeks ago should take further steps to remove hackers from their networks.
Microsoft previously warned that marking posts will not remove a criminal who has already damaged a server.
“We remain committed to supporting our customers in this attack, developing new security measures, and partnering with governments and security industries to help keep our customers and communities safe,” a Microsoft spokesman said Monday.
Vulnerable servers can be used as a trigger for cybercriminals to initiate ransomware attacks on computer networks, where files are encrypted and stored as a ransom for payment. Reports of hack ware attacks within compromised networks to date have been limited.
Last week, Microsoft released a tool that allows Exchange on-premise server owners to compile security errors with a single click. But hackers may have already breached those servers and may remain inside the computer networks even if the configuration is used. Microsoft said the attack began with a Chinese government-backed hacker who was accused of exploiting previously unknown vulnerabilities in Microsoft’s widely used email software.
About 45% of programs were weak last week, a spokesman for the National Security Council said. There are now fewer than 10,000 endangered programs in the U.S., from at least 120,000 initially.