(Bloomberg) -- Newly discovered flaws in Microsoft Corp.’s software for email and contacts has raised concerns at the highest levels of the U.S. government, which is urging users to immediately apply patches.
At least 30,000 organizations across the U.S., including significant numbers of small businesses and local governments, have been hacked in the last few days by suspected Chinese attackers who are focused on stealing email from victims, the blog KrebsonSecurity reported Friday.
“This is a significant vulnerability that could have far-reaching impacts,” said Jen Psaki, the White House press secretary, speaking at a briefing. “We are concerned there are a large number of victims.” She characterized the incident as an “active threat.”
Her remark comes after Microsoft disclosed on Tuesday that nation state hackers based in China were exploiting previously unknown flaws in on-premise versions of the software and released patches for them. The following day, the Cybersecurity and Infrastructure Security Agency, which is part of the Department of Homeland Security, issued an emergency directive in response to “observed active exploitation of these products.” As a result, civilian agencies and departments were directed to apply the patches, or disconnect Microsoft Exchange from their networks, and to look for compromises.
©2021 Bloomberg L.P.