Police and UK Government vulnerable to new Microsoft email hack… are YOU?
A security flaw – described as “as serious as they come” – in Microsoft’s Exchange email systems has been identified in UK Government and police force computer systems. The vulnerabilities were revealed during a computer security conference earlier this month, with hackers leaping at the opportunity to exploit the flaw to cause mayhem.
Microsoft has released a patch that fixes the vulnerability. However, more than 50 percent of Microsoft Exchange servers in the UK have not been updated, security researchers have revealed. As such, huge swathes of email users are still vulnerable to hackers.
Among those still open to attack are a number of the British Government’s gov.uk domains as well as the police.uk domain used by forces across England, Wales, and Northern Ireland, Sky News has revealed.
While it’s possible to blame these organisations for dragging their heels with the latest security patches, Kevin Beaumont, a security researcher who has worked for Microsoft in the past, believes some of the responsibility falls at the feet of the company behind the software. Beaumont has slammed Microsoft for what he has branded “knowingly awful” messaging to get customers to update their software.
Although the flawed code was patched by Microsoft back in April and May, the Redmond-based company failed to assign the problems a CVE identifier (Common Vulnerabilities and Exposures) until July. Those extra few weeks delayed the methods used by organisations to track and update vulnerabilities.
“Given many organisations vulnerability manage via CVE, it created a situation where Microsoft’s customers were misinformed about the severity of one of the most critical enterprise security bugs of the year,” Mr Beaumont wrote.
Responding to the criticisms, a spokesperson for Microsoft said: “We released security updates to help keep our customers safe and protected against this attack technique. We recommend that customers adopt a strategy to ensure they are running supported versions of software and promptly install security updates as soon as possible after each monthly security release.”