Update for organisations on Microsoft Exchange Server vulnerabilities

Organisations are advised to take steps to avoid compromise by an increasing range of threat actors.

19th March 2021

The NCSC is encouraging all organizations to install the latest Microsoft Exchange Server updates, as a matter of urgency.

Last week, Microsoft warned of large-scale exploitation of unpatched vulnerabilities and issued multiple security updates for the affected Servers.

The NCSC’s updated alert provides advice that will help reduce the risk of future ransomware and other malware infections.

NCSC Director for Operations, Paul Chichester, said:

“We are working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organizations take immediate steps to protect their networks.

“Whilst this work is ongoing, the most important action is to install the latest Microsoft updates.

“Organisations should also be alive to the threat of ransomware and familiarise themselves with our guidance. Any incidents affecting UK organizations should be reported to the NCSC.”

All organisations are advised to proactively search systems for evidence of compromise, in line with Microsoft's public advice.