Microsoft is investigating the possibility that a partner leak may have made the ongoing Microsoft Exchange Server attacks worse. The company says it has observed no internal leaks and is drawing no conclusions about a third-party leak. However, The Wall Street Journal reports that an investigation into the potential for a partner leak is ongoing.
Microsoft Exchange Server is in the midst of an attack through an exploit first used by the HAFNIUM group. More threat groups have since picked up the exploit. Microsoft has sent out patches for all versions of the service, including those out of support.
Microsoft says updating Exchange Server is the best way to avoid the exploit. Furthermore, the company has launched a tool to help customers know if they have been breached.
Now the company is said to be investigating if “sensitive information” came from “private disclosures it made with some of its security partners.”
PoC Blunder?
Microsoft is looking to see if the proof-of-concept (PoC) code for the exploit, which was sent privately between the company and partners of its Microsoft Active Protections Program (MAPP), was leaked. Speaking to ZDNet, the company says it does not believe the leak was internal:
“We are looking at what might have caused the spike of malicious activity and have not yet drawn any conclusions. We have seen no indications of a leak from Microsoft related to this attack.”
Microsoft did send the PoC code to cybersecurity partners on February 23, which was before any patch was released. This was to give those researchers time to detail the exploit. Microsoft says the ongoing attacks bear a resemblance to the internal PoC.
The company is now investigating if a leak happened, how it happened, and whether it was on purpose.