WASHINGTON DC – A vulnerability Microsoft has already fixed in an urgent security update this week is wreaking havoc on businesses, and has caught the attention of the White House.
On March 2, Microsoft released an emergency security update for its Microsoft Exchange email and communications software, patching a security hole in versions of the software going back to 2013. But as customers slowly update their systems, there are signs that at least 30,000 organizations across the US have already been hit by hackers who stole email communications from their systems.
The attacks, which were reported by security expert Brian Krebs on Friday, have hit infectious-disease researchers, law firms, defense contractors, higher education institutions and nongovernmental organizations. Krebs said the researchers who identified the flaw had seen attackers exploiting the vulnerability two months ago.