Advertisement
Australia markets closed
  • ALL ORDS

    8,153.70
    +80.10 (+0.99%)
     
  • AUD/USD

    0.6496
    -0.0040 (-0.61%)
     
  • ASX 200

    7,896.90
    +77.30 (+0.99%)
     
  • OIL

    82.35
    +1.00 (+1.23%)
     
  • GOLD

    2,231.90
    +19.20 (+0.87%)
     
  • Bitcoin AUD

    109,075.52
    +1,104.06 (+1.02%)
     
  • CMC Crypto 200

    885.54
    0.00 (0.00%)
     

UPDATE 1-U.S. directs agencies to apply patches to Microsoft servers

(Adds court-approved removal of previous Exchange back doors)

By Joseph Menn

WASHINGTON, April 13 (Reuters) - The top cybersecurity official in the White House on Tuesday directed all government agencies to urgently apply new patches for Microsoft Corp Exchange email servers to head off exploitation by hackers.

The rare directive applies to software fixes for four flaws discovered by the U.S. National Security Agency and reported to Microsoft.

"We recognize when vulnerabilities may pose such a systemic risk that they require expedited disclosure," Deputy National Security Advisor for Cyber & Emerging Technologies Anne Neuberger said in a statement.

ADVERTISEMENT

Microsoft said it had not seen the problems being exploited so far, but hackers will study the new patches to see what they are fixing, then deploy attacks against unpatched machines.

The new flaws come on top of those used in a flood of attacks earlier this year that compromised more than 20,000 U.S. on-premises Exchange servers handling web versions of Outlook mail.

Though the vast majority of those vulnerable to the previous round of attacks have now patched their systems, Justice Department officials said Tuesday they had won court permission to gain access to privately owned servers and remove the web shells left by some of the hackers for future remote access.

That sort of active engagement by U.S. officials is expected to accelerate with this week's nominations of NSA veterans to other national cyber security posts, including a head of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security. (Reporting by Joseph Menn and Chris Sanders Editing by Chris Reese and Grant McCool)