Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Microsoft United States Networking

Despite Microsoft Patch, US Gov't Warns of 'Active Threat Still Developing' From Open Back Doors (reuters.com) 26

Reuters reports: The White House on Sunday urged computer network operators to take further steps to gauge whether their systems were targeted amid a hack of Microsoft Corp's Outlook email program, saying a recent software patch still left serious vulnerabilities. "This is an active threat still developing and we urge network operators to take it very seriously," a White House official said, adding that top U.S. security officials were working to decide what next steps to take following the breach...

While Microsoft released a patch last week to shore up flaws in its email software, the remedy still leaves open a so-called back door that can allow access to compromised servers and perpetuating further attacks by others. "We can't stress enough that patching and mitigation is not remediation if the servers have already been compromised, and it is essential that any organization with a vulnerable server take measures to determine if they were already targeted," the White House official said...

The back channels for remote access can impact credit unions, town governments and small business, and have left U.S. officials scrambling to reach victims, with the FBI on Sunday urging them to contact the law enforcement agency. Those affected appear to host Web versions of Microsoft's email program Outlook on their own machines instead of cloud providers, possibly sparing many major companies and federal government agencies, records from the investigation suggest... So far, only a small percentage of infected networks have been compromised through the back door, the source previously told Reuters, but more attacks are expected.

This discussion has been archived. No new comments can be posted.

Despite Microsoft Patch, US Gov't Warns of 'Active Threat Still Developing' From Open Back Doors

Comments Filter:
  • Bill is too busy worrying about corona viruses to bother with Windows viruses.
  • by innocent_white_lamb ( 151825 ) on Sunday March 07, 2021 @05:49PM (#61133992)

    That's the most important line in this article.

    The patch still leaves an open back door!

    So anyone who figures they've installed the patch and it's now fixed, that's not the case.

    • by EvilSS ( 557649 )
      Well yea, it's a patch, it fixes the vulnerability, but it can't remove any back doors or other malware installed from exploiting the vulnerability before it was patched. If the horse already left the barn, it won't go hunt the horse down and bring it back, it just closes the barn door.

      "We can't stress enough that patching and mitigation is not remediation if the servers have already been compromised, and it is essential that any organization with a vulnerable server take measures to determine if they were already targeted,"

    • I support a few Exchange servers. The vulnerability allowed attackers to drop a web shell on the server. The patches fix that vulnerability, but admins still need to remove the web shell and anything else left behind. Microsoft have actually published some good tools to help assess and resolve any problems including an nmap script to scan servers https://github.com/microsoft/C... [github.com]. It will look for shells, IoCs in the logs and dumps of the lsass.exe process on the server (the scariest part of breach). A
    • by Tablizer ( 95088 )

      Yes, like the kind the gov't wants to require in OS's and phones.

  • still running their own mail servers. Also, glad I no longer have any Microsoft computers to support or applications or services I use.
  • by takionya ( 7833802 ) on Sunday March 07, 2021 @08:11PM (#61134374)
    How the Dominance of Microsoft's Products Poses a Risk to Security [cryptome.org]:

    'CCIA warned of the security dangers posed by software monopolies during the US antitrust proceeding against Microsoft in the mid and late 1990’s. We later urged the European Union to take measures to avoid a software “monoculture” that each day becomes more susceptible to computer viruses, Trojan Horses and other digital pathogens.'
    • Deserves a mod up. The overarching responsibility that most would agree with, is the US Govt has failed to improve things to where they need to be. Mostly because they kept their mouths shut, and would not badmouth or pass legislation against software vendors generally. No mandatory fines, and piss-weak consequences for major privacy leaks. Now bad savvy people are sailing through layered protections, risk levels are high. The solutions are many, and easy, and both means for care and less profit, if cycli
  • from the threatpost article..

    “The good news for defenders is that the post-exploitation activity is very detectable,” said Katie Nickels, director of intelligence at Red Canary, via email, adding her firm has detected numerous attacks as well. “Some of the activity we observed uses the China Chopper web shell, which has been around for more than eight years, giving defenders ample time to develop detection logic for it.”
  • ..Outlook email client is perfectly safe to use with POP or IMAP servers it's the Exchange Server platform that's severely compromised.

  • Nobody is pointing this out, but Microsoft got hacked a while ago and some of its source code was stolen. [slashdot.org]

    Security by obscurity is all right I guess, until someone gets the code, that is.

Factorials were someone's attempt to make math LOOK exciting.

Working...