NCSC: Install Latest Microsoft Exchange Server Updates Urgently

The National Cyber Security Center (NCSC) is encouraging all UK organizations to install the latest Microsoft Exchange Server updates as a matter of urgency.

The urgent advisement comes after Microsoft released out-of-band patches to fix multiple zero-day Exchange Server vulnerabilities believed to be being exploited by Chinese state-sponsored actors last week.

A week later, ESET claimed that more than 10 different advanced persistent threat (APT) groups have been detected exploiting the vulnerabilities, with the security firm having identified more than 5000 global email servers affected by malicious activity.

The NCSC’s updated alert provides advice that will help reduce the risk of future ransomware and other malware infections. 

NCSC director for operations, Paul Chichester, said: “We are working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organizations take immediate steps to protect their networks.

“Whilst this work is ongoing, the most important action is to install the latest Microsoft updates.

“Organizations should also be alive to the threat of ransomware and familiarize themselves with our guidance. Any incidents affecting UK organizations should be reported to the NCSC.”

All organizations are advised to proactively search systems for evidence of compromise, in line with Microsoft’s public advice, the NCSC added.