LONDON (Reuters) – Britain’s cyber security body urged organisations to install the latest Microsoft updates as a matter of urgency on Friday, after the company became aware of flaws that make email servers vulnerable.
“We are working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organisations take immediate steps to protect their networks,” said Paul Chichester, director for operations at the National Cyber Security Centre (NCSC).
“Whilst this work is ongoing, the most important action is to install the latest Microsoft updates.”
The NCSC appeal follows similar warnings from authorities in the United States and Europe about the weaknesses found in Microsoft’s Exchange Server software.
The number of potentially vulnerable servers in Britain was around 7,000 to 8,000, NCSC officials said, and about half of them had been patched already.
The patch, issued by Microsoft earlier this month, fixes the vulnerability, but it does not fix any malware such as ransomware already installed.
“Organisations should also be alive to the threat of ransomware and familiarise themselves with our guidance,” Chichester said. “Any incidents affecting UK organisations should be reported to the NCSC.”
The officials said they had not seen ransomware attacks linked to the Microsoft Exchange issue occurring in Britain at any scale, but the longer that servers remained vulnerable, the more the risk would increase.
(Reporting by Paul Sandle; writing by Kate Holton; editing by Michael Holden and Giles Elgood)