|
The
rare directive applies to software fixes for four flaws
discovered by the U.S. National Security Agency and reported to
Microsoft.
"We recognize when vulnerabilities may pose such a systemic risk
that they require expedited disclosure," Deputy National
Security Advisor for Cyber & Emerging Technologies Anne
Neuberger said in a statement.
Microsoft said it had not seen the problems being exploited so
far, but hackers will study the new patches to see what they are
fixing, then deploy attacks against unpatched machines.
The new flaws come on top of those used in a flood of attacks
earlier this year that compromised more than 20,000 U.S.
on-premises Exchange servers handling web versions of Outlook
mail.
Though the vast majority of those vulnerable to the previous
round of attacks have now patched their systems, Justice
Department officials said Tuesday they had won court permission
to gain access to privately owned servers and remove the web
shells left by some of the hackers for future remote access.
That sort of active engagement by U.S. officials is expected to
accelerate with this week's nominations of NSA veterans to other
national cyber security posts, including a head of the
Cybersecurity and Infrastructure Security Agency at the
Department of Homeland Security.
(Reporting by Joseph Menn and Chris Sanders; Editing by Chris
Reese and Grant McCool)
[© 2021 Thomson Reuters. All rights
reserved.] Copyright 2021 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|
|
