Users of Microsoft Exchange Server open to vulnerabilities, warns NCSC

Updated: Apr 8, 2021

The National Cyber Security Centre (NCSC) has issued a report urging businesses to update their Microsoft Exchange software. Criminals are carrying out targeted attacks, using tools to identify Exchange servers that do not have updates installed and then installing malicious software onto these vulnerable servers.

Malicious software (or ‘malware’) can be dangerous for organisations because it can give hackers access to company computer systems, including sensitive information and data.

The versions of Microsoft Exchange Server affected by these vulnerabilities are:

· Microsoft Exchange Server 2013

· Microsoft Exchange Server 2016

· Microsoft Exchange Server 2019

*Exchange Online (as part of Microsoft 365) is not affected.

The updated advice offered by the NCSC is outlined below:

1. Install the latest updates immediately - this is the first priority for all UK organisations that are using affected versions of Exchange Server. Microsoft security updates can be found here:

2. If updates cannot be installed, the recommended Microsoft mitigations should be implemented. These temporary mitigations can be found here:

3. If organisations cannot install the updates or apply any of the mitigations, the NCSC recommends isolating the Exchange server from the internet by blocking untrusted connections.

The NCSC strongly advises all organisations using affected versions of Microsoft Exchange Servers to proactively search systems for evidence of compromise, in line with Microsoft’s guidance.

You can download the NCSC’s latest guide to updating Microsoft Exchange from our resources section.

If you require further support or advice following this cyber-attack, please get in touch with the NEBRC at:

Sign up to our free core membership at the NEBRC to receive fortnightly tips and tricks to help keep your organisation secure.

The National Cyber Security Centre (NCSC) and National Police Chiefs Council (NPCC) are working together to support the establishment of Regional Cyber Resilience Centres (CRCs). The CRCs represent a significant opportunity for the NCSC to expand the reach of its guidance and services to smaller organisations across the country, and provide an extra level of practical support to enhance their impact. The NCSC is currently assisting the NPCC in determining the suite of cyber security services that the CRCs will be able to offer.