Computer systems belonging to the UK Government and police forces have been affected by a security flaw in Microsoft Exchange email systems that has been described as “as severe as they come”. Hackers jumped at the chance to use the vulnerabilities to create mayhem as the vulnerability was revealed at a computer security conference held earlier this month.
Security researchers revealed that although Microsoft has released the patch to fix the vulnerability, over half of the Microsoft Exchange servers located in the UK are still not up to date. This means that hackers are still able to attack large swathes of email users.
Sky News revealed that those still affected include a few domains under the British Government’s “gov.uk” domain, as well as police.uk, which is used by the forces in England, Wales and Northern Ireland.
Although it is possible to fault these organizations for not applying security patches on time, Kevin Beaumont (a security researcher who previously worked for Microsoft) believes that some of the blame lies with Microsoft. Beaumont attacked the “knowingly terrible” messages Microsoft sent to customers in an attempt to convince them to upgrade their software.
While Microsoft fixed the flawed code in April and May of this year, the Redmond company did not assign the problem a CVE ID (Common Vulnerabilities and Exposures) until July. These extra weeks have delayed organizations’ ability to update and track vulnerabilities.
Beaumont stated that Microsoft customers had been misinformed by Microsoft about one of the worst enterprise security bugs.
Microsoft responded to criticisms by saying: “We have released security updates in order to keep our customers protected and safe from this attack technique.” Customers should have a plan to make sure they’re using supported software versions and install security updates promptly after every security update.
Published at Wed 25 August 2021, 09:21:50 +0000