The Microsoft company logo is displayed at their offices in Sydney, Wednesday, Feb. 3, 2021. THE CANADIAN PRESS/AP-Rick Rycroft

The Microsoft company logo is displayed at their offices in Sydney, Wednesday, Feb. 3, 2021. THE CANADIAN PRESS/AP-Rick Rycroft

Watchdog ‘almost certain’ Microsoft Exchange security gap has Canadian victims

Canadian Centre for Cyber Security’s March 16 alert was the third since early March 2

TORONTO — Canada’s main cybersecurity watchdog said Wednesday that it’s likely too late to prevent criminals from using a vulnerability in Microsoft Exchange email servers, unless system administrators have already installed software patches that were issued in early March.

Scott Jones, head of the Canadian Centre for Cyber Security, said after issuing an updated alert to IT professionals that “the law of probability states that it’s almost certain that there are victims in Canada.”

“We just don’t know who they are yet,” Jones said in an interview. “We’re hoping that they know that they’re victims, though, which is also another point of the alert.”

He said he organizations that are statistically most likely to be at risk are those that have Microsoft Exchange server software on their own computers or on a smaller IT service provider, rather than through a major cloud service such as Microsoft Office 365 or Google Cloud.

Jones said organizational leaders need to ask: Have the security patches been installed? Have we checked to make sure we weren’t compromised? If there was a compromise, who needs to be told?

“Once you’ve confirmed patching and confirmed that there’s no compromise of the network, then (you) can breathe a sigh of relief and say we were lucky,” Jones said.

He said there have been public reports of widespread compromises by criminals using the security gap to install a new family of ransomware called DearCry, which Microsoft warned about in a tweet last week.

“In terms of specific Canadian organizations, we would need them to report to us — meaning give us a call in let us know that they’re victims,” Jones said.

He said it’s the responsibility of victim organizations to inform their customers, employees or any affected parties such as suppliers and insurers if there has been a security breach.

Jones said he’s not authorized to answer questions about the security of the Canadian government’s own email systems but said it has “a very robust and active” patch management program in place.

The Canadian Centre for Cyber Security’s March 16 alert was the third since early March 2, when Microsoft published several security updates for Exchange email servers.

The head of German government’s cybersecurity agency issued a similar warning to IT system administrators on Friday.

— With a file from The Associated Press

This report by The Canadian Press was first published March 17, 2021.

Cybersecurity

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Red Deer Rebels forward Arshdeep Bains eyes a loose puck in front of the Medicine Hat Tigers net Saturday night in WHL action at the Centrium. (Photo by ROB WALLATOR/Red Deer Rebels)
Rebels fall short in 12th straight loss

Tigers 5 Rebels 2 (Saturday) Tigers 3 Rebels 2 (Monday) The Red… Continue reading

Red Deer property owners will receive their 2019 property assessment notices in the next few days.  (File photo by Advocate staff)
Red Deer awaiting more details on how federal budget impacts city

The City of Red Deer is awaiting more information on how much… Continue reading

With a ban on sit-in dining once again in place, Las Palmeras owner Andre Lemus is gearing up for more takeout and delivery business. He has also applied to set up an outdoor patio, where dining is allowed under new restrictions. Photo by PAUL COWLEY/Advocate staff
Big interest in outdoor patios in Red Deer as sit-down dining banned again

City of Red Deer has tweaked its patio regulations to make it easier to get a permit

A vial of the Medicago vaccine sits on a surface. CARe Clinic, located in Red Deer, has been selected to participate in the third phase of vaccine study. (Photo courtesy www.medicago.com)
Red Deer clinical research centre participating in plant-based COVID-19 vaccine trial

A Red Deer research centre has been selected to participate in the… Continue reading

Canada head coach Bev Priestman reacts during the women's international friendly soccer match between England and Canada at Bet365 stadium in Stoke on Trent, England, Tuesday, April 13, 2021. Priestman says her goal is to help Canada move up the Olympic podium after back-to-back bronze medals at the 2012 and 2016 Games. THE CANADIAN PRESS/AP/Rui Vieira
Olympic soccer draw will allow Canadians to start planning on and off the pitch

Olympic soccer draw will allow Canadians to start planning on and off the pitch

Federal government’s extension of CEWS in budget is some good news for CFL franchises

Federal government’s extension of CEWS in budget is some good news for CFL franchises

Canada's Brendan Bottcher dropped a 6-3 decision to Scotland's Bruce Mouat in the men's final of the Humpty's Champions Cup. Bottcher makes a shot against Scotland at the Men's World Curling Championships in Calgary, Alta., Friday, April 9, 2021.THE CANADIAN PRESS/Jeff McIntosh
Mixed results for Canadian teams at Champions Cup as Homan wins, Bottcher loses

Mixed results for Canadian teams at Champions Cup as Homan wins, Bottcher loses

University of Victoria rowing coach Barney Williams is photographed in the stands during the Greater Victoria Invitational at CARSA Performance Gym at the University of Victoria in Victoria, B.C., on Friday, November 29, 2019. The University of Victoria says Williams has resigned effective immediately. THE CANADIAN PRESS/Chad Hipolito
University of Victoria women’s rowing coach resigns by mutual agreement

University of Victoria women’s rowing coach resigns by mutual agreement

Stewart Cink watches his drive down the second fairway during the final round of the RBC Heritage golf tournament in Hilton Head Island, S.C., Sunday, April 18, 2021. (AP Photo/Stephen B. Morton)
Cink coasts to win at Hilton Head for 2nd title of season

Cink coasts to win at Hilton Head for 2nd title of season

The Official UEFA Champions League match balls are on display ahead of the Champions League quarter final second leg soccer match between Liverpool and Real Madrid at Anfield stadium in Liverpool, England, Wednesday, April 14, 2021. (AP Photo/Jon Super)
Threats of expulsion as UEFA confronts Super League rebel 12

Threats of expulsion as UEFA confronts Super League rebel 12

San Jose Sharks center Patrick Marleau (12) motions to the crowd during a break to mark his passing Gordie Howe for most NHL games played in the first period of an NHL hockey game Monday, April 19, 2021, in Las Vegas. (AP Photo/John Locher)
Sharks’ Marleau breaks Howe’s NHL games played record

Sharks’ Marleau breaks Howe’s NHL games played record

Alberta NDP Leader Rachel Notley announces proposed new legislation to protect Alberta's mountains and watershed from coal mining at a news conference in Calgary on Monday, March 15, 2021. A group of 35 scientists from the University of Alberta are urging the provincial government to rethink its plans for expanding coal-mining in the Rocky Mountains. THE CANADIAN PRESS/Jeff McIntosh
Alberta legislature turns down Opposition request to debate bill to protect Rockies

Alberta legislature turns down Opposition request to debate bill to protect Rockies

Most Read