UK Gov't, Police Servers Reportedly Vulnerable to New Microsoft Email Hack
© Sputnik / Kirill KallinikovRansomware attacks global IT systems
© Sputnik / Kirill Kallinikov/
The reported vulnerabilities, highlighted by a former Microsoft employee, are said to allow hackers to remotely execute code on an email server, without having to enter a password.
Hackers are targeting Microsoft email servers using a set of vulnerabilities named ProxyShell that was earlier revealed by Orange Tsai at the BlackHat conference, with some UK and US government entities possibly at risk, according to security researchers.
Kevin Beaumont, who used to work at Microsoft, penned an article highlighting the vulnerabilities and how they are exploited by hacker groups, blasting Microsoft for "knowingly awful" messaging to their customers to update their software to patch the vulnerabilities.
"Microsoft decided to downplay the importance of the patches and treat them as a standard monthly Exchange patch, which have been going on for — obviously — decades", Beaumont wrote.
According to the security researcher, the vulnerabilities are "extremely serious", as they allow hackers to remotely execute code on email servers, without needing a password.
"To make matters worse, Microsoft failed to allocate CVEs for these vulnerabilities until July — 4 months after the patches were issued", Beaumont noted. "Given many organizations vulnerability manage via CVE, it created a situation where Microsoft’s customers were misinformed about the severity of one of the most critical enterprise security bugs of the year."
Beaumont noted in his article that "many US government systems are unpatched". According to Sky News, several servers on the British government's gov.uk domain, along with the police.uk domain used in England, Wales and Northern Ireland, are still vulnerable to attack.
"Customers who have applied the latest updates are already protected against these vulnerabilities", a spokesperson for Microsoft said, cited by Sky News.
The UK's National Cyber Security Centre told the outlet it was "aware of ongoing global activity targeting previously disclosed vulnerabilities in Microsoft Exchange servers", but did not see evidence of any UK entities compromised.
"The NCSC urges all organisations to install the latest security updates to protect themselves and to report any suspected compromises via our website," it added.
Concerns in regard to Microsoft Exchange hacking attacks intensified earlier in the year, with the US and the UK accusing China of being involved in ransomware attacks in which an estimated 400,000 servers were said to have been affected. Beijing denied the claims.