40 percent of all Dutch Microsoft Exchange email servers are still vulnerable, the National Cyber Security Center (NCSC) writes on Monday.
Microsoft last Tuesday reported the vulnerability, which has affected tens of thousands of organizations in Europe, Asia and the United States.
The company accused China of stealing emails through the vulnerability.
There have been updates available since last week that close the gap.
According to NCSC, 40 percent of all Dutch Exchange servers have not yet installed these, making them still vulnerable.
According to Microsoft, there is a real risk that hackers, not only from China, will exploit the leak. Exchange is the server technology behind Outlook, Microsoft's email app.