Officials urge users to install vital Microsoft update amid widespread hack of email servers
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.UK officials have urged companies to update their email servers amid fears of widespread hacks.
Last week, Microsoft said that it had found major vulnerabilities in its Exchange Server tools, which is used to run email and calendars for many large companies.
Those vulnerailities were already being exploited, it said. Since then it has emerged that such attacks could be widespread, with a range of hackers making use of the security flaw.
Microsoft has since issued updates intended to fix them, but companies are only safe if they have applied those updates.
The National Cyber Security Centre (NCSC) advised companies to ensure they had installed those updates and that they should familiarise themselves with its advice on ransomware and other threats that may follow any attacks.
In a tweet, Microsoft Security Intelligence confirmed that it was already seeing “a new family of ransomware” that was being used on Exchange Servers that had not yet had the critical security updates installed on them.
Ransomware infects a system and stops it working as normal, encrypting data so that files cannot be accessed until fee – or ransom – is paid to decrypt them and get them back. As such, an attack can immediately cause untold damage to any company or organisation that relies on its computer systems.
The NCSC also advised people to ensure that they search their systems for evidence that they had been compromised. Its official advice notes that institutions should do so whether or not they updated quickly, because they might have been successfully attacked before the update was installed, and the update does not fix a system that has already been compromised.
“We are working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organisations take immediate steps to protect their networks,” said Paul Chichester, director of operations at the National Cyber Security Centre.
“Whilst this work is ongoing, the most important action is to install the latest Microsoft updates.
“Organisations should also be alive to the threat of ransomware and familiarise themselves with our guidance. Any incidents affecting UK organisations should be reported to the NCSC.”
The flaws affect the 2013, 2016 and 2019 versions of Microsoft Exchange Server. They do not affect Exchange Online, the service which is offered as part of Microsoft’s online 365 tool.
It pointed organisations to its advice on dealing with ransomware and other malware attacks.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments