National Cyber Security Centre
Advice following Microsoft vulnerabilities exploitation
Urgent updates released for Exchange server vulnerabilities
Microsoft has made public that sophisticated actors have attacked a number of Exchange servers and, in response, has released multiple security updates for affected servers.
These updates have been released ahead of the monthly update cycle because four of the seven vulnerabilities have been used in limited targeted attacks. The security updates fix the vulnerabilities exploited in the initial attack.
The vulnerabilities affect Microsoft Exchange Server. The versions affected are:
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
A defence in depth update for Microsoft Exchange Server 2010 has also been released.
Exchange Online is not affected.
The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest updates immediately.
More information about the security updates can be found on Microsoft's website.
The Microsoft Exchange Server team has published a blog about these updates, which provides a script to obtain an inventory of the patch-level status of Exchange servers on premises. It also assists with some basic questions about installing the security updates.
Further information, including IOCs and detections, can be found in the Microsoft blogs:
The NCSC strongly advises that organisations:
- Read the guidance referenced in this alert
- Install the necessary updates immediately
- Stay informed of any future updates to the guidance from Microsoft (via the links above)
Any incidents affecting UK organisations should be reported to the NCSC via the website.