State & Local Governments Respond to ‘Live’ Outlook Security Flaw
Last month, Microsoft Threat Intelligence discovered a security vulnerability in Microsoft Outlook for Windows that could allow hackers to steal user login credentials when they access email from an unsecured network, such as the Internet. This vulnerability is related to a technology called NT LAN Manager (NTLM), which is used to manage login information.
After sounding an alarm about live exploitation of the Outlook security flaw, Microsoft said it traced the exploit to a Russian APT targeting a limited number of organizations in the government, transportation, energy, and military sectors in Europe. In response to the severity of the issue, Microsoft’s Security Response Center (MSRC) published mitigation guidance and offered a CVE-2023-23397 script to help with audit and cleanup. “We strongly recommend all customers update Microsoft Outlook for Windows to remain secure,” Microsoft said.
A zero-day vulnerability means that the issue was detected while it was already live and potentially exploitable, meaning there are “zero days” for an organization to find a solution because it is already a real threat. As with most cybersecurity vulnerabilities, the impact is rarely isolated to one continent. Though Europe may have been targeted initially, local and state governments in the U.S. and Canada warned that the “critical zero-day vulnerability” recently discovered in Outlook could allow hackers to access email accounts and exfiltrate sensitive government data such as emails, attachments, and other confidential information if not addressed urgently.
While Microsoft has released patches to address the vulnerability, local and state governments that have not yet applied these patches remain at risk. With limited resources to devote to cybersecurity and lagging internal response times compared to the private sector, Thrive is seeing more public sector interest in cloud adoption, where municipalities are looking to store sensitive data on a private cloud server while using the public cloud for more routine communications like email.
- In a 2020 survey conducted by the National Association of State Chief Information Officers (NASCIO), 49% of state CIOs reported that their state government had adopted a cloud-first strategy for IT service delivery.
- In addition, the survey found that 77% of state CIOs reported that their state government had moved at least some of their IT services to the cloud.
- According to a 2019 email security report, Microsoft Exchange Server was the most commonly used email system among U.S. government organizations. The report found that 68% of all government organizations surveyed used Exchange Server, while 21% used Office 365 (which includes Exchange Online).
Shifting to cloud-based email is particularly appealing for state and local governments: cost savings, improved scalability and flexibility, and reduced maintenance requirements are all attractive incentives. In addition, in light of the bombardment of cyber attacks and an ever-expanding attack surface as government organizations embrace more and more IT modernization tools, cloud offers cybersecurity features like multi-factor authentication, data encryption, and advanced threat detection capabilities.
Thrive has dedicated 24/7 security teams that monitor email systems for potential threats and are equipped to respond in real time, rather than having to reassign internal teams to troubleshoot the latest vulnerability. With a trusted partner that takes responsibility for security, maintenance and updates (like adding or removing users, since local and state governments experience frequent fluctuations in staffing needs), the latest cyber “exploit” to make headlines quickly becomes yesterday’s news.