The White House is closely monitoring emergency out-of-band software patches (or fixes) released by Microsoft this week following an extremely damaging Chinese hack of Microsoft's widely used Exchange Server software.
This ongoing zero-day attack allows the Chinese hacking collective called "Hafnium" to steal data from a compromised organization's computer network. The zero-days are present in Microsoft Exchange Server 2013, 2016, and 2019.
A zero-day attack exploits a potentially serious software security weakness that a vendor or developer might be unaware of.
U.S. national security adviser Jake Sullivan said Thursday the White House is closely tracking the emergency patches.
"We are closely tracking Microsoft's emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities," tweeted Sullivan. "We encourage network owners to patch ASAP."
His tweet included a link to the emergency security patches.
Microsoft described Hafnium as "a group assessed to be state-sponsored and operating out of China." It said Hafnium was identified by the Microsoft Threat Intelligence Center (MSTIC) based on observed "tactics and procedures."
The patches fix the four major vulnerabilities in the Exchange Server software that still allow the Chinese to steal data from U.S.-based defense contractors, policy think tanks, charities, infectious disease researchers, law firms and higher education institutions.
Cybersecurity experts warn this zero-day attack is only the beginning of worse things to come.
"As bad as it is now, I think it's about to get a lot worse," said Steven Adair, president of cybersecurity firm Volexity.
"This gives them a limited amount of opportunity to go and exploit something. The patch isn't going to fix that if they left their backdoor behind."