Cybersecurity experts are rounding on Microsoft over the hack of its Exchange Server e-mail system saying the situation is really messy and getting worse.

Dozens of Australian companies and organisations have been hard hit by the cyber-attack and despite continued calls from the software-as-a-service giant, haven’t download security patches supplied.

Cybersecurity outfit Red Canary says it’s not encouraged by what it has found so far in the US, and says the attacks, now coming from several sources, are not slowing down.

In a recent update on its website, the Australian Cyber Security Centre says it has identified a large number of Australian organisations that are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise and has repeated calls for them to urgently download security patches.

The number of victims of the attacks runs into the tens of thousands and US officials say it’s so big they haven’t been able to compile a full list of those impacted.