the staff of the Ridgewood blog
Ridgewood NJ, Microsoft was made aware of initial attacks exploiting 4 previously unknown vulnerabilities in Exchange Server in early January, two months before issuing patches, according to a new report Monday by security journalist Brian Krebs.
Estimates put the number of servers compromised by the attack in the hundreds of thousands globally. Including thousands of state and city governments, fire and police departments, school districts, financial institutions, and other organizations. Microsoft attributed the initial attacks to hackers linked to China, but said last week that attacks were ongoing from “multiple malicious actors.” The company is urging those running Exchange Server to install updates as soon as possible.
It comes at a difficult time for many IT administrators still dealing with the fallout from the SolarWinds hack. According to KrebsOnSecurity, the attack has been ongoing since January 6th (the day of the Capitol Hill breech), but ramped up in late February. Microsoft released its patches on March 2nd, which means that the attackers had almost two months to carry out their operations
Microsoft said , the vulnerabilities allowed hackers to gain access to email accounts, and also gave them the ability to install malware that might let them back into those servers at a later time.