Ransom-seeking hackers are taking advantage of Microsoft’s flaw expert

Ransom-seeking hackers have begun to take advantage of a recently discovered flaw in Microsoft’s widely used mail server software, a researcher said Wednesday in the end – a major escalation that could portend widespread digital outage.

Disclosure, made on Twitter by Microsoft Corp Security Program Manager Phillip Misner, is the realization of the concerns that have been running through the security community for days. Since March 2, when Microsoft announced the discovery of serious vulnerabilities in its Exchange software, experts have warned that it was only a matter of time before ransomware gangs started using them to rock organizations on the Internet.

Advertisement

Misner did not immediately respond to follow-up messages, and Microsoft did not return emails seeking comment. The US Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation also did not respond immediately. Although the security flaws announced by Microsoft have since been fixed, organizations around the world have failed to patch their software, leaving them open for exploitation. In Germany alone, officials said up to 60,000 networks remained vulnerable.

The fixes are free, but experts attribute the slow pace of updates from many customers in part to the complexity of the Exchange architecture. All kinds of hackers have begun to take advantage of holes – a security company recently counted 10 separate hacker groups using the flaws – but ransomware operators are among the most feared.

These groups work by blocking users from their devices and data unless victims pull out large chunks of digital currency. They now have potentially access to “a huge number of vulnerable systems,” said Brett Callow of Canadian cybersecurity firm Emsisoft. He said more modest companies – many of which lack the ability or awareness to update their software – could be particularly affected by the latest variant of ransomware.

“This is a potentially serious risk for small businesses,” he said.

(This story has not been edited by our team of editors and is generated from a feed.)

News Highlights:

  • Since March 2, when Microsoft announced the discovery of serious vulnerabilities in its Exchange software, experts have warned that it was only a matter of time before ransomware gangs started using them to rock organizations on the Internet. Misner did not immediately respond to follow-up messages, and Microsoft did not return emails seeking comment.
  • Ransom-seeking hackers are taking advantage of Microsoft’s flaw expert