NCSC issues emergency alert on Microsoft Exchange patch

by Jeremy

The UK’s National Cyber Security Centre (NCSC) has issued an emergency alert calling on thousands of at-risk organizations across the country to update their on-premises Microsoft Exchange Servers as a matter of urgency, following the disclosure and exploitation of the ProxyLogon vulnerabilities.

In light of the growing number of advanced persistent threat (APT) groups and other malicious actors taking advantage of the vulnerabilities, including a limited number of cybercriminal ransomware operators, the NCSC has published fresh guidance to help vulnerable organizations reduce the risk of ransomware and other malware infections.

“We are working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organizations take immediate steps to protect their networks,” said NCSC operations director Paul Chichester.

“While this work is ongoing, the most important action is to install the latest Microsoft updates. Organizations should also be alive to the threat of ransomware and familiarise themselves with our guidance. Any incidents affecting UK organizations should be reported to the NCSC,” he said.

Installing Microsoft’s patches only stops future compromises; it does not address any that have already taken place. It is therefore also vital to scan systems and networks for any signs of intrusion, specifically web shells deployed through the exploit chain. Microsoft Safety Scanner can assist in detecting these.

The NCSC has assessed the number of vulnerable servers in the UK at between 7,000 and 8,000, with approximately half of these already patched. Scans conducted by Palo Alto Networks in recent days suggest patch rates are indeed high: the firm claimed the number of vulnerable servers running old versions of Exchange that cannot directly apply the patches dropped by 30% between 8 and 11 March.

The NCSC has been working extensively with government and public and private sector organizations to spread the word and is understood to have already proactively contacted many of the vulnerable organizations.

But with the exploitation of ProxyLogon widening beyond state-backed actors, it is now becoming clear that organizations that may not have thought themselves at risk initially are in danger.
