Technology

Police and UK Government vulnerable to new Microsoft email hack… are YOU?

By Naomi Gleit

A security flaw – described as “as serious as they come” – in Microsoft’s Exchange email systems has been identified in UK Government and police forces computer systems. The vulnerabilities were revealed during a computer security conference earlier this month, with hackers leaping at the opportunity to exploit the flaw to cause mayhem.

Microsoft has released a patch that fixes the vulnerability, however, more than 50 percent of Microsoft Exchange servers in the UK have not been updated, security researchers have revealed. As such, huge swathes of email users are still vulnerable to hackers.

Among those still open to attack are a number of the British Government’s gov.uk domain as well as the police.uk domain used by forces across England, Wales, and Northern Ireland, Sky News has revealed.

While it’s possible to blame these organisations for dragging their heels with the latest security patches, Kevin Beaumont, a security researcher who has worked for Microsoft in the past, believes some of the responsibility falls at the feet of the company behind the software. Beaumont has slammed Microsoft for what he has branded “knowingly awful” messaging to get customers to update their software.

Although the flawed code was patched by Microsoft back in April and May, the Redmond-based company failed to assign the problems a CVE identifier (Common Vulnerabilities and Exposures) until July. Those extra few weeks delayed the methods used by organisations to track and update vulnerabilities.

“Given many organisations vulnerability manage via CVE, it created a situation where Microsoft’s customers were misinformed about the severity of one of the most critical enterprise security bugs of the year,” Mr Beaumont wrote.

Responding to the criticisms, a spokesperson for Microsoft said: “We released security updates to help keep our customers safe and protected against this attack technique. We recommend that customers adopt a strategy to ensure they are running supported versions of software and promptly install security updates as soon as possible after each monthly security release.”

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Naomi Gleit 44842 posts 0 comments
More Stories

Will OnePlus 13 outpace Xiaomi with the first Snapdragon 8…

Google to appeal Play Store ruling | Computer Weekly

Smart charger aims to ease grid stress from EVs

1 of 69,748