FBI Removing Web Shells From Infected Exchange Servers Twitter
FBI headquarters in Washington (Photo: Tim Evanson via Flickr/CC)
A federal court in Texas gave the FBI the go-ahead to remove malware from on-premises Microsoft Exchange servers at organizations infected in a wave of voluminous zero-day attacks earlier this year, the Department of Justice said on Tuesday.
Since Friday, the FBI has been removing web shells, or scripts that allow remote access, from Exchange servers belonging to organizations in at least eight states, according to an unsealed application for a search warrant released by the DOJ. The operation is authorized to run through April 23.
Get Permission
Microsoft issued patches Tuesday for four new critical vulnerabilities in the company s on-premises Exchange Server software. The flaws were discovered by the U.S. National Security Agency and disclosed to Microsoft. The company says customers using on-premises Exchange should prioritize these patches. We have not seen the vulnerabilities used in attacks against our customers. However, given recent adversary focus on Exchange, we recommend customers install the updates as soon as possible to ensure they remain protected from these and other threats, the Microsoft Security Response Center says.
The NSA joined with Microsoft in urging users to make the updates immediately.