New Microsoft Exchange vulnerabilities

Department of Defence

Australian organisations need to take further action and follow updated advice from the Australian Cyber Security Centre (ACSC) and Microsoft to patch vulnerable Microsoft Exchange systems.

Assistant Minister for Defence, the Hon Andrew Hastie MP, said it is critical that newly identified vulnerabilities are addressed to avoid having Microsoft Exchange email software systems compromised by adversaries.

“Patches previously released by Microsoft in March 2021 do not remediate these new vulnerabilities, and organisations must urgently apply new updates to prevent potential compromise,” Minister Hastie said.

“This is a critically important task for Australian businesses and organisations.

“The ACSC has identified extensive targeting and compromises of Australian organisations with vulnerable Microsoft Exchange deployments.

“People should visit the new alert, available at cyber.gov.au, to identify the steps outlined by the ACSC and access the Microsoft guidance.”

Australian organisations should urgently follow new advice on the April 2021 patches.

/Public Release. This material comes from the originating organization and may be of a point-in-time nature, edited for clarity, style and length. View in full here.