Protecting Australian business from Microsoft Exchange vulnerability

Release details

Release type

Related ministers and contacts

The Hon Andrew Hastie MP

Assistant Minister for Defence

Media contacts

Assistant Minister Hastie's Office, Ella Kenny, 0437 702 111

Release content

12 March 2021

The Australian Cyber Security Centre (ACSC) has today released updated advice on detailing the cyber security threat to Australian businesses and organisations who are yet to patch vulnerable versions of Microsoft Exchange.

Assistant Minister for Defence, the Hon Andrew Hastie MP, said Australian businesses and organisations that use Microsoft Exchange should urgently patch their vulnerable versions of Microsoft Exchange, and protect themselves from potential compromise.

“Our first priority is to keep Australians safe, including when online, and it is vital that Australian small businesses and organisations take the necessary steps to protect themselves from this vulnerability,” Assistant Minister Hastie said.

“Now that this vulnerability is known, organisations and businesses – particularly small businesses who may not update their IT security regularly – are at additional risk of being targeted by malicious cyber actors who are financially motivated.”

“The best thing Australian organisations can to do protect themselves is visit for the latest advice from the ACSC and Microsoft on how to protect yourselves against this vulnerability. It is easy to do, and I am urging all Australian businesses to get on top of this and protect their networks.”

Head of the ACSC, Abigail Bradshaw CSC said it was critical that all businesses and organisations secure their information and patch their networks to protect themselves as a matter of urgency.

“Organisations then need to follow the detection steps outlined by Microsoft – available at – to identify if they were compromised prior to patching, and whether they need to take additional steps to protect their networks.

“The ACSC is already assisting a number of Australian organisations and I urge all organisations who have been impacted or require assistance to contact the ACSC via 1300 CYBER1 – we are here to assist you at all times of the day and night.”

Cyber security is a team effort and a shared responsibility. It is vital that Australian organisations are alert to this threat and take steps to strengthen the resilience of their networks.

For all cyber security advice and guidance, including tips for how to stay secure online, visit


Other related releases