The Australian Cyber Security Centre (ACSC) has issued urgent advice for local organisations to patch new vulnerabilities discovered in the Microsoft Exchange systems.
A patch to mitigate ‘significant’ new vulnerabilities discovered in Microsoft Exchange 2013, 2016 and 2019 was released on Tuesday.
The ACSC has advised local organisations to apply the patch released this week as a matter of urgency.
Assistant minster for defence Andrew Hastie said that any Microsoft patch released prior to April this year did not cover the new vulnerabilities.
“Patches previously released by Microsoft in March 2021 do not remediate these new vulnerabilities, and organisations must urgently apply new updates to prevent potential compromise,” Mr Hastie said.
The assistant minister stressed the patch would minimise the risk of email software systems being compromised by threat-actors. He added that the ACSC had already identified Australian organisations had been targeted.
“This is a critically important task for Australian businesses and organisations,” Mr Hastie said.