
Exchange Server Vulnerabilities
Urgent NCSC notice: protect your Exchange Servers
You may already know about the four zero-day vulnerabilities in Microsoft Exchange Servers. They’ve been in and out of the news since early January.
What we’re now learning is that a state-sponsored threat group from China is actively exploiting the vulnerabilities, and other cyber attackers have adopted them in widespread attacks. It’s reported that hackers are exploiting them to drop ransomware.
The UK’s National Cyber Security Centre (NCSC) believes that over 3,000 Microsoft Exchange email servers used by UK organisations haven't had the critical security patches applied and therefore remain at risk from cyber attackers who want to take advantage of the vulnerabilities.
Apparently, tens of thousands of organisations around the world have had their email servers compromised by the cyber attacks targeting Microsoft Exchange, potentially putting large amounts of sensitive information into the hands of hackers.
Are your servers affected?
The affected Exchange Server versions are:
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
If you use any of these in your business, the UK’s National Cyber Security Centre (NCSC) advises that you take action immediately to install the latest updates.
What to do
To identify whether your Exchange Server has been compromised with security scripts, check here: GitHub
If your organisation runs an out-of-support version of Exchange Server, NCSC recommends updating to a supported version without delay. It also advises you to report any suspected compromises on its website.
Read more:
- The NCSC’s full news report on Exchange Server vulnerabilities
- Microsoft Exchange Server zero-day attacks: Malicious software found on 2,300 machines in the UK
- White House warns organizations have 'hours, not days' to fix vulnerabilities as Microsoft Exchange attacks increase
- At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software
- Microsoft releases one-click mitigation tool for Exchange Server hacks
Read
More

Cryoserver Expands Globally to Botswana
Cryoserver (UK) – Manufactures and supports “Advanced enterprise Email Archiving Software” ITWORX.…

Is Email Archiving the Key to IT Success?
IntroductionDid you know that the average office worker sends and receives over 120 emails per day?…

Where Do Emails Go That Are Archived?
Cleaning up an email inbox is an admin job everyone must do at various times. While for some it may…

Cryoserver voted Top 10 Cloud/SaaS vendor
Email archiving provider Cryoserver won a Top 10 Cloud/SaaS vendor award at Britain's Reseller…

The Benefits of Archiving Emails
There were more than 281 billion consumer and business emails sent per day in 2018, and this figure…
