Microsoft Exchange Vulnerabilities

Release details

Release type

Related ministers and contacts

The Hon Andrew Hastie MP

Assistant Minister for Defence

Media contacts

Adrian Barrett (Assistant Minister Hastie’s Office): 0438 620 408

Release content

10 March 2021

Australian organisations are being urged to access and follow updated advice from the Australian Cyber Security Centre (ACSC) following vulnerable Microsoft Exchange systems being compromised by malicious cyber actors.

Assistant Minister for Defence, the Hon Andrew Hastie MP, said Australian organisations should take immediate steps to urgently patch vulnerable systems.

“Australian organisations cannot be complacent when it comes to cyber security, which is why all users of Microsoft Exchange are being urged to patch their vulnerable systems,” Assistant Minister Hastie said.

“The ACSC has identified a large number of Australian organisations yet to patch affected versions of Microsoft Exchange, leaving them exposed to cyber compromise.

“This can be done by implementing the necessary network security patches as soon as possible and then following the detection steps outlined by Microsoft.

“If organisations are unable to quickly deploy these patches, they should consider preventing internet access to the exchange web server.”

The ACSC recommends that organisations implement web shell mitigation steps and continues to monitor and investigate the situation. The ACSC is able to provide assistance as required.

For more information about how to stay secure online, visit

Other related releases