Electoral Commission hackers may have exploited Microsoft server

A flaw in a Microsoft email server may have allowed hackers into the Electoral Commission’s systems, researchers have claimed.

The commission was using a Microsoft Exchange server for its email, but between September and November last year a “zero day” vulnerability emerged for this system. This is a previously unknown flaw that has just been discovered for which developers have “zero days” to fix.

Kevin Beaumont, a security researcher who used to work at Microsoft, said the flaw, called ProxyNotShell, would have allowed “complete compromise of their network” if exploited. He said that Microsoft could not fully resolve the problem between September and November — a period he called “a significant delay”.

The Electoral Commission identified the breach that enabled the hackers to access the


Related Posts