
‘Thousands’ Of UK Firms Hit By Microsoft Exchange Hacks

Thousands of UK email servers are likely to still be vulnerable to unpatched security flaws affecting Microsoft Exchange, authorities have said.

The National Cyber Security Centre (NCSC) estimated some 7,000 email servers in the country were affected by the Exchange bugs, with only half having applied patches.

The agency said it had contacted some 2,300 UK businesses to warn them that their systems had been hacked as part of a free-for-all making use of the vulnerabilities.

The NCSC said it had found evidence of web shells, which can be used to access systems and steal information, on the businesses’ networks.


The presence of a web shell does not guarantee that a data breach has taken place, and once discovered the shells can be removed.

The NCSC issued new guidance on Friday telling businesses it is “vital” that they update Exchange and search for evidence of compromise.

The agency’s statement is the first evidence of the scale of the Exchange issue in the UK.

It said ransomware gangs have begun using the flaws to carry out attacks, but that as yet there is no evidence of widespread ransomware attacks using the issues in the UK.

The NCSC said it is particularly concerned about the security of small and medium-sized businesses that may not have heard about the urgent patches Microsoft issued earlier this month.

“We are working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organisations take immediate steps to protect their networks,” said NCSC director for operations Paul Chichester.

European impact

“While this work is ongoing, the most important action is to install the latest Microsoft updates.”

Chichester said organisations should search for indicators of compromise on their own networks and familiarise themselves with the guidance around ransomware attacks.

Microsoft said the Exchange flaws were initially exploited for several months by a Chinese state-backed hacking group.

But once the bugs were discovered and made public, a number of other state-backed groups, as well as criminal gangs, rushed to identify vulnerable servers.

Security researchers have estimated as many as 250,000 servers around the world could be vulnerable.

In Europe, the Norwegian parliament and the European Banking Authority both said they had been breached, although the EBA said there was no evidence that information had been stolen.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
