By Joseph Menn
WASHINGTON (Reuters) – The top cybersecurity official in the White House on Tuesday directed all government agencies to urgently apply new patches for Microsoft Corp Exchange email servers to head off exploitation by hackers.
The rare directive applies to software fixes for four flaws discovered by the U.S. National Security Agency and reported to Microsoft.
“We recognize when vulnerabilities may pose such a systemic risk that they require expedited disclosure,” Deputy National Security Advisor for Cyber & Emerging Technologies Anne Neuberger said in a statement.
The new flaws come on top of those used in a flood of attacks earlier this year that compromised more than 20,000 U.S. on-premises Exchange servers handling web versions of Outlook mail.
Though the vast majority of those vulnerable to the previous round of attacks have now patched their systems, Justice Department officials said Tuesday they had won court permission to gain access to privately owned servers and remove the web shells left by some of the hackers for future remote access.
That sort of active engagement by U.S. officials is expected to accelerate with this week’s nominations of NSA veterans to other national cyber security posts, including a head of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.
(Reporting by Joseph Menn and Chris Sanders; Editing by Chris Reese and Grant McCool)