Microsoft hack: White House warns of 'active threat' of email attack

Sollie

Honorary Master
Joined
Apr 20, 2005
Messages
12,069

The US is expressing growing concern over a hack on Microsoft's Exchange email software that the tech company has blamed on China.
"This is an active threat," White House press secretary Jen Psaki said on Friday. "Everyone running these servers - government, private sector, academia - needs to act now to patch them."
Microsoft said hackers had used its mail server to attack their targets.
It is reported that tens of thousands of US organisations may be impacted.
The US has long accused the Chinese government of cyber-espionage, something Beijing denies.

....
 

s0lar

Expert Member
Joined
Sep 22, 2009
Messages
1,365
As a good tech, I would like evidence other than an IP in China to pin this on the Chinese or, as in the past, Russia for that matter.
 

Sollie

Honorary Master
Joined
Apr 20, 2005
Messages
12,069
As a good tech, I would like evidence other than an IP in China to pin this on the Chinese or, as in the past, Russia for that matter.
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,880
Patch patch patch....

You dropped the ball here MS.
 

Thor

Honorary Master
Joined
Jun 5, 2014
Messages
41,861
On site (in dedicated hosted hardware) is the way to go.
On site = I control it, hosted in a data center with redundancy.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
76,678
Wait, are people actually exposing Exchange to the internet?

Or is this via some carefully crafted email delivery?
 

Blackhand

Senior Member
Joined
Dec 22, 2004
Messages
587
Wait, are people actually exposing Exchange to the internet?

Or is this via some carefully crafted email delivery?

Yes, people are exposing Exchange to the internet. It's not some "out there stupid" deployment either, it's the standard deployment.

Requiring your employees to connect to a VPN before getting their email is more secure but I don't know any company which requires this because of how cumbersome it is.

This is a highly effective zero-day and Microsoft did drop the ball here. A full remote control vulnerability in software that is expected to run at the network edge is about as bad as it gets. It's akin to a full remote control vulnerability in a web server.
 

The_Librarian

Another MyBB
Super Moderator
Joined
Nov 20, 2015
Messages
30,674
Wait, are people actually exposing Exchange to the internet?

Or is this via some carefully crafted email delivery?
Standard config would be to put Exchange behind a firewall and port-forward the correct ports.

Unless the ne'er-do-wells managed to fondle Exchange via these standard, open ports.

Makes the case for Open Source just stronger.
 

airborne

Honorary Master
Joined
Jul 13, 2007
Messages
12,218
It's basically their entire Exchange client base which is affected by this hack, which is probably a pretty significant swath of the world's rich and powerful:

"the Chinese hacking group thought to be responsible has seized control over “hundreds of thousands” of Microsoft Exchange Servers worldwide — with each victim system representing approximately one organization that uses Exchange to process email."

US government as well. I wonder if someone will finally take MS to court for making dodgy software.

In comparison, what major exploits have been discovered in macOS, seems it's negligible?

"Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims"

 

The_Librarian

Another MyBB
Super Moderator
Joined
Nov 20, 2015
Messages
30,674
Original thread:

 

The_Librarian

Another MyBB
Super Moderator
Joined
Nov 20, 2015
Messages
30,674
On site (in dedicated hosted hardware) is the way to go.
On site = I control it, hosted in a data center with redundancy.
This attack is against on-prem. So the onus is on you to patch, and get rid of the vulnerability.
 

Blackhand

Senior Member
Joined
Dec 22, 2004
Messages
587
Standard config would be to put Exchange behind a firewall and port-forward the correct ports.

Unless the ne'er-do-wells managed to fondle Exchange via these standard, open ports.

Makes the case for Open Source just stronger.

The exploits could be done through the standard exposed ports. One of the major vulnerabilities existed in the Outlook Web Access portion of Exchange. This is why it is affecting so many people and companies.

 

The_Librarian

Another MyBB
Super Moderator
Joined
Nov 20, 2015
Messages
30,674
It's fine in South Africa though. Just use it as an opportunity to purchase new infrastructure, then move the stuff from the hacked servers over.
(true story, kid you not).
But how do you know you are not restoring the backdoors they have planted? Or are you doing a fresh install, then migrating only Exchange-specific data? (Mailbox DB and log files)
 

Milano

Honorary Master
Joined
Feb 7, 2004
Messages
16,253
Active threat or active BS? If the White House only just realised that Microsoft software is not secure then they really have no place being in positions of any authority.
 

s0lar

Expert Member
Joined
Sep 22, 2009
Messages
1,365
Usual Microsoft damage control post.

Here it mentions attacks were launched via VPS and Tor. To go touting the nation who allegedly attacked you would assume hard evidence, as it is quite an accusation under the current climate.
Pinning this on China is nothing more than political opportunism.

 