Microsoft Probing Whether Leak Played Role in Suspected Chinese Hack (wsj.com) 16
Microsoft is investigating whether a world-wide cyberattack on tens of thousands of its corporate customers may be linked to a leak of information by the company or its partners, WSJ reported Friday, citing people familiar with the matter. From a report: The investigation centers in part on the question of how a stealthy attack that began in early January picked up steam in the week before the company was able to send a software fix to customers. In that time, a handful of China-linked hacking groups obtained the tools that allowed them to launch wide-ranging cyberattacks that have now infected computers all over the world running Microsoft's Exchange email software. Some of the tools used in the second wave of the attack, which is believed to have begun Feb. 28, bear similarities to "proof-of-concept" attack code that Microsoft distributed to antivirus companies and other security partners Feb. 23, investigators at security companies say. Microsoft had planned to release its security fixes two weeks later, on March 9, but after the second wave began it pushed out the patches a week early, on March 2, according to researchers.
Re: I'm going to be first in pointing out (Score:1)
Unlikely (Score:1)
Re: (Score:1)
Indeed. But misdirection will keep people buying their crap a while longer.
Re: (Score:2)
I would have thought the investigation should have been really really easy. Just ask the PR=B$ (public relations lies for profit, who were pushing hard the Russian Government Security Services did it how could M$ possibly do exactly what they had been paid to do protect against it or the Chinese Government Security Services did it how could M$ possibly do exactly what they had been paid to do protect against it ) who at M$ contracted to do it and ask them. You could also ask the lobbyists who were pushing i
Re: (Score:2)
I'd argue it was business strategy.
They don't want anyone to run Exchange on premise, they want you in a perpetual subscription.
Consequently, most Exchange software development effort has been on the cloud side and little effort has been put into on-premise since 2013.
The fact that this bug vulnerability extends back to 2013 only reinforces this idea.
Timing (Score:3)
Why would you distribute proof of concept code to 3rd parties weeks before you patched the issue?
Re: (Score:3)
Because they were trusted partners with a practice of sharing security information before releasing patches so that by the time the public knew about the patched exploits, the anti-virus and other security companies would be prepared to detect related malware.
Re: (Score:2)
Maybe one or more of those trusted partners were compromised in the SolarWinds debacle, so the sharing got "out of hand"?
Re: (Score:2)
That is, I presume, a best-case scenario.
It seems unlikely to me that the link is that transitory.
Not so fast.... Security software.... (Score:2)
You do know that microsoft actually MAKES security software to protect all of their products...
Microsoft Defender for Endpoint
Threat & Vulnerability Management
This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
Attack surface reduction
The attack surface reduction set of capabilities provides the first line of defense in the stack. By ensuring configuration settings are properly set and explo
Failed Article Link (Score:1)
WSJ article referenced in this teaser requires that you be a subscriber to read it in full.
A little detail like that should be noted in the /. teaser for those of us that don't care to subscribe.