Despite Microsoft Patch, US Gov't Warns of 'Active Threat Still Developing' From Open Back Doors (reuters.com)
Reuters reports:
The White House on Sunday urged computer network operators to take further steps to gauge whether their systems were targeted amid a hack of Microsoft Corp's Outlook email program, saying a recent software patch still left serious vulnerabilities. "This is an active threat still developing and we urge network operators to take it very seriously," a White House official said, adding that top U.S. security officials were working to decide what next steps to take following the breach...
While Microsoft released a patch last week to shore up flaws in its email software, the remedy still leaves open a so-called back door that can allow access to compromised servers and perpetuate further attacks by others. "We can't stress enough that patching and mitigation is not remediation if the servers have already been compromised, and it is essential that any organization with a vulnerable server take measures to determine if they were already targeted," the White House official said...
The back channels for remote access can impact credit unions, town governments and small business, and have left U.S. officials scrambling to reach victims, with the FBI on Sunday urging them to contact the law enforcement agency. Those affected appear to host Web versions of Microsoft's email program Outlook on their own machines instead of cloud providers, possibly sparing many major companies and federal government agencies, records from the investigation suggest... So far, only a small percentage of infected networks have been compromised through the back door, the source previously told Reuters, but more attacks are expected.
The patch still leaves an open back door (Score:3, Informative)
That's the most important line in this article.
The patch still leaves an open back door!
So anyone who figures they've installed the patch and it's now fixed, that's not the case.
Re:The patch still leaves an open back door (Score:5, Informative)
> So it's not a patch or? Summary doesn't elaborate and who rtfa anymore?
It IS a patch of the software flaw, but unfortunately, the flaw allowed the servers to be completely compromised. So, patching may just be shutting the barn door after the horses left, to use a folksy old analogy that's mostly irrelevant in today's urban and suburban world.
Re:The patch still leaves an open back door (Score:4, Funny)
> So, patching may just be shutting the barn door after the horses (sic) left, to use a folksy old analogy that's mostly irrelevant in today's urban and suburban world.
It's odd isn't it, the longevity of that phrase.
Since this is /. I suggest we all move to locking the garage after the car's been stolen. </oblig. car analogy>
Re: (Score:2)
"We can't stress enough that patching and mitigation is not remediation if the servers have already been compromised, and it is essential that any organization with a vulnerable server take measures to determine if they were already targeted,"
Re: (Score:1)
Yes, like the kind the gov't wants to require in OS's and phones.
Re: (Score:2)
I bought my first computer several years before you were even born... And of course it was Windows that made "just reboot and the problem will go away" a way of life...
Re: (Score:2)
What are you talking about?
How is rebooting in any way relevant to this topic?
Sometimes it is good to be one of the few (Score:2)
This would not be one of those times (Score:4, Informative)
> Sometimes it is good to be one of the few still running their own mail servers.
This is not one of those times. This issue ONLY impacts those running their own mail servers. Specifically, those using Exchange as opposed to O365.
> Also, glad I no longer have any Microsoft computers to support or applications or services I use.
Any day is a good day to not use Microsoft. :)
CyberInsecurity: The Cost of Monopoly (Score:4, Informative)
'CCIA warned of the security dangers posed by software monopolies during the US antitrust proceeding against Microsoft in the mid and late 1990’s. We later urged the European Union to take measures to avoid a software “monoculture” that each day becomes more susceptible to computer viruses, Trojan Horses and other digital pathogens.'
good ol' exchange (Score:2)
“The good news for defenders is that the post-exploitation activity is very detectable,” said Katie Nickels, director of intelligence at Red Canary, via email, adding her firm has detected numerous attacks as well. “Some of the activity we observed uses the China Chopper web shell, which has been around for more than eight years, giving defenders ample time to develop detection logic for it.”
Stop saying it's a flaw in Microsoft Outlook... (Score:3)
...Outlook email client is perfectly safe to use with POP or IMAP servers; it's the Exchange Server platform that's severely compromised.
Related to the source code leak? (Score:2)
Nobody is pointing this out, but Microsoft got hacked a while ago and some of its source code was stolen. [slashdot.org]
Security by obscurity is all right I guess, until someone gets the code, that is.