A new tool developed by Microsoft to contain damage from a massive hack of its email server software has helped to reduce the number of vulnerable entities in the last week, according to a National Security Council spokesperson.
The tool was created by the technology giant after recent discussions with the White House. Anne Neuberger, the deputy national security adviser for cyber and emerging technology, worked with Microsoft to find a simple solution for smaller businesses facing time-consuming and difficult cleanup of the hack, the spokesperson said.
The company released the “Exchange On-Premises Mitigation Tool” last week and it’s been downloaded 25,000 times, the official said. The tool protects against future attacks and scans the system for known compromises, then attempts to remediate them. The company has said its software should still be updated to the latest version after running the tool.
Companies in the U.S. and around the world have been pummeled recently by twin attacks stemming from Russia and China, which together scooped up tens of thousands of victims and underscored the vulnerability of the world’s computers to nation-state hackers.
In December, Russian hackers were found inside the networks of nine government agencies and at least 100 private companies, where they had been collecting intelligence for months. Then Chinese hackers breached tens of thousands of companies in an unusually aggressive campaign using flaws in Microsoft’s business email software. The White House has said that one solution is increased cooperation with the private sector, including companies like Microsoft, whose software runs on the majority of the world’s computers.
About 45% of the vulnerable systems had been patched over the past week, the spokesperson said. There are now fewer than 10,000 vulnerable systems remaining in the U.S., down from at least 120,000 at the start.
Hackers have been racing to exploit the vulnerability in the software, which Microsoft has said started with a Chinese government-backed hacking group and has racked up tens of thousands of victims.
The attack came months after the SolarWinds breaches by suspected Russian cyberattackers, and drew the concern of U.S. national security officials, in part because the latest hackers were able to hit so many victims so quickly.
Microsoft has said customers that use its cloud-based email system are not affected.