New Microsoft Exchange vulnerabilities

Release details

Release type

Related ministers and contacts


The Hon Andrew Hastie MP

Assistant Minister for Defence


Media contacts

Ella Kenny (Assistant Minister Hastie’s Office): 0437 702 111

Release content

15 April 2021

Australian organisations need to take further action and follow updated advice from the Australian Cyber Security Centre (ACSC) and Microsoft to patch vulnerable Microsoft Exchange systems.   

Assistant Minister for Defence, the Hon Andrew Hastie MP, said it is critical that newly identified vulnerabilities are addressed to avoid having Microsoft Exchange email software systems compromised by adversaries.

“Patches previously released by Microsoft in March 2021 do not remediate these new vulnerabilities, and organisations must urgently apply new updates to prevent potential compromise,” Minister Hastie said.

“This is a critically important task for Australian businesses and organisations.

“The ACSC has identified extensive targeting and compromises of Australian organisations with vulnerable Microsoft Exchange deployments.

“People should visit the new alert, available at cyber.gov.au, to identify the steps outlined by the ACSC and access the Microsoft guidance.”

Australian organisations should urgently follow new advice on the April 2021 patches.

For more information on these vulnerabilities and the action you should take to secure your systems, visit cyber.gov.au.

Other related releases