Canada's main cybersecurity watchdog has issued another warning that organizations of all sizes need to protect themselves from a recently discovered vulnerability in Microsoft Exchange email servers.
The Canadian Centre for Cyber Security said it has received reports that some Microsoft Exchange servers in Canada haven't been updated with software patches that close a security gap that was confirmed earlier this month.
"The Cyber Centre has received reporting that continue to show unpatched systems internationally, including within Canada. Some of these systems within Canada have been further compromised with malware," the centre said on its website.
The alert is the third from the Canadian Cyber Security Centre since early March, when Microsoft published several security updates for Exchange email servers.
#CyberAlert | UPDATE 3 – Active exploitation of #Microsoft Exchange vulnerabilities
— Canadian Centre for Cyber Security (@cybercentre_ca) March 16, 2021
Malicious actors are actively scanning using automated tools to identify unpatched servers.https://t.co/80ngIvFRGM pic.twitter.com/HaDNC2VuC6
Microsoft Exchange servers are widely used around the world to handle email for businesses and public sector organizations.
According to The Associated Press, the head of German government's cybersecurity agency issued a similar warning to IT system administrators on Friday.
At the time, the German cybersecurity authority said there were 20,000 known open systems in that country.
Canada's most recent warning to IT professionals, dated Tuesday, didn't say how many systems in this country still required patches.
However, it did mention the threat posed by a new family of ransomware, known as DearCry, that Microsoft identified in a Tweet on March 11.