Thousands of Microsoft Exchange servers still compromised after patches
Microsoft has previously warned that patching won’t evict a hacker who has already compromised a server.
Thousands of Microsoft Exchange servers are still compromised by hackers even after applying fixes, a top U.S. cybersecurity official said Monday, citing data from cybersecurity companies.
Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, said owners of the email servers that were compromised before Microsoft Corp. issued a patch nearly three weeks ago must take additional measures to remove the hackers from their networks.
“We remain committed to supporting our customers against these attacks, to innovating on our security approach, and to partnering closely with governments and the security industry to help keep our customers and communities secure,” a Microsoft spokesperson said on Monday.
The servers that remain compromised could be used as a launching pad for criminal hackers to initiate ransomware attacks on computer networks, in which files are encrypted and held ransom in exchange for a payment. Reports of ransomware attacks inside compromised networks have so far been sparse.
About 45% of the vulnerable systems had been patched over the past week, a National Security Council spokesperson said. There are now fewer than 10,000 vulnerable systems remaining in the U.S., down from at least 120,000 at the start.
By William Turton