WASHINGTON (Reuters) – The White House on Sunday called on computer network operators to take further action to assess whether their systems have been targeted amid a hack of Microsoft Corp.’s Outlook e-mail program, saying a recent software patch still left serious vulnerabilities.
“This is an active threat under development and we urge network operators to take it very seriously,” a White House official said, adding that US security officials are working to decide what next steps to take. after violation.
CNN reported separately on Sunday that the Biden administration is forming a working group to address the hack. The White House official said in a statement that the administration was making “an entire government response.”
While Microsoft last week released a patch to fix flaws in its email software, the fix still leaves the so-called back door open that can allow access to compromised servers and perpetuate subsequent attacks by others.
“We cannot stress enough that patches and mitigation are not a fix if the servers have already been compromised, and it is essential that any organization with a vulnerable server take action to determine if they have already been targeted,” the White House official said.
Already, a source told Reuters that more than 20,000 US organizations have been compromised by the hack, which Microsoft has blamed on China, although Beijing denies any role.
The back channels for remote access could have an impact on credit unions, city governments and small businesses, and left US officials fighting to reach the victims, with the FBI asking them on Sunday to contact the law enforcement agency.
Those affected appear to be hosting web versions of the Microsoft Outlook e-mail program on their own machines instead of cloud providers, possibly exempting many major companies and federal government agencies, according to survey records.
A Microsoft representative said on Sunday that it was working with the government and others to help guide customers, and the company asked affected customers to apply software updates as soon as possible.
Neither the company nor the White House specified the extent of the hack. Microsoft initially said it was limited, but the White House last week expressed concern about the potential for “a large number of casualties.”
So far, only a small percentage of infected networks have been compromised through the back door, the former Reuters source said, but more attacks are expected.
Reporting by Jeff Mason; Additional reports by Susan Heavey and Sarah N. Lynch in Washington and David French in New York; Edited by Lisa Shumaker