Welcome to the Reuters.com BETA. Read our Editor's note on how we're helping professionals make smart decisions.
Skip to main content

Technology

U.S. directs agencies to apply patches to Microsoft servers

2 minute read

White House Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger gives an update on the Biden administration's response to the SolarWinds hack during the daily briefing at the White House in Washington, D.C., U.S. February 17, 2021. REUTERS/Leah Millis/File Photo

WASHINGTON, April 13 (Reuters) - The top cybersecurity official in the White House on Tuesday directed all government agencies to urgently apply new patches for Microsoft (MSFT.O) Corp Exchange email servers to head off exploitation by hackers.

The rare directive applies to software fixes for four flaws discovered by the U.S. National Security Agency and reported to Microsoft.

"We recognize when vulnerabilities may pose such a systemic risk that they require expedited disclosure," Deputy National Security Advisor for Cyber & Emerging Technologies Anne Neuberger said in a statement.

Microsoft said it had not seen the problems being exploited so far, but hackers will study the new patches to see what they are fixing, then deploy attacks against unpatched machines.

The new flaws come on top of those used in a flood of attacks earlier this year that compromised more than 20,000 U.S. on-premises Exchange servers handling web versions of Outlook mail.

Though the vast majority of those vulnerable to the previous round of attacks have now patched their systems, Justice Department officials said Tuesday they had won court permission to gain access to privately owned servers and remove the web shells left by some of the hackers for future remote access.

That sort of active engagement by U.S. officials is expected to accelerate with this week's nominations of NSA veterans to other national cyber security posts, including a head of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.

Reporting by Chris Sanders Editing by Chris Reese

Our Standards: The Thomson Reuters Trust Principles.

More from Reuters