Critical warning over Microsoft compromised-email risk

By Melissa Coade

Thursday April 15, 2021

Organisations should apply the Microsoft patch released this week as a matter of urgency. (Image: Adobe/Aleksei)

The Australian Cyber Security Centre (ACSC) has issued urgent advice for local organisations to patch new vulnerabilities discovered in the Microsoft Exchange systems.

A patch to mitigate ‘significant’ new vulnerabilities discovered in Microsoft Exchange 2013, 2016 and 2019 was released on Tuesday. 

The ACSC has advised local organisations to apply the patch released this week as a matter of urgency.

Assistant minster for defence Andrew Hastie said that any Microsoft patch released prior to April this year did not cover the new vulnerabilities. 

“Patches previously released by Microsoft in March 2021 do not remediate these new vulnerabilities, and organisations must urgently apply new updates to prevent potential compromise,” Mr Hastie said.

The assistant minister stressed the patch would minimise the risk of email software systems being compromised by threat-actors. He added that the ACSC had already identified Australian organisations had been targeted.

“This is a critically important task for Australian businesses and organisations,” Mr Hastie said.

“People should visit the new alert, available at, to identify the steps outlined by the ACSC and access the Microsoft guidance.”


Why data in the cloud is not always protected by default

About the author
Inline Feedbacks
View all comments