The guide includes security advice previously shared by Microsoft, yet authorities felt it prudent to outline best practices for the critical and widely used technology.

Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed.

The tech giant addressed a record-high number of defects for the year in its latest update.

Researchers said Thalha Jubair was a principal operator, leading or directing many attacks attributed to the hacker subset of The Com since 2022.

The company acted on a court order and collaborated with Cloudflare to seize RaccoonO365’s infrastructure, which was used to steal credentials from organizations in 94 countries.

The Oregon senator said Microsoft’s default settings for Windows and other products are enabling ransomware attacks, like the one against Ascension hospital system in 2024. 

The company is ahead of pace, disclosing about 100 more vulnerabilities at this point in the year than it did in 2024, according to a researcher.

There are still impediments to overcome before companies and agencies can get more broadly aggressive in cyberspace, both legal and commercial.

The financially motivated threat group demonstrates deep knowledge of hybrid cloud environments, which allows it to rapidly steal sensitive data, destroy backups and encrypt systems for ransomware.

Despite serious alarm raised by officials, organizations have not applied the patch for Microsoft Exchange servers en masse.