The Australian Government is urging businesses to heed the advice of the Australian Cyber Security Centre (ACSC) and update their Microsoft Exchange software in order to protect against newly identified vulnerabilities.
Assistant Minister for Defence Andrew Hastie said it is “critically important” for Australian businesses and organisations to install Microsoft’s April patches due to ongoing cyber attacks by adversaries on the company’s email software systems.
“The ACSC has identified extensive targeting and compromises of Australian organisations with vulnerable Microsoft Exchange deployments,” Mr Hastie said.
On 13 April 2021, Microsoft released security updates to mitigate significant newly discovered remote code execution vulnerabilities that affect Microsoft Exchange Server 2013, 2016 and 2019. The latest vulnerabilities to be identified are CVE-2021-28480 and CVE-2021-28481.
The ACSC has since warned against relying on the March patches alone, saying they do not address the newly identified vulnerabilities and that the April patches are needed to prevent further unauthorised access to email accounts and sensitive information.
“Organisations should apply new patches as soon as possible and also undertake detection steps outlined in Microsoft guidance,” the ACSC said.
“If organisations are unable to resource immediate investigation of potential compromise of their Microsoft Exchange server, Microsoft has published a mitigation tool which organisations can use as a first step to protecting servers. The ACSC also recommends that organisations implement web shell mitigation steps.”
Although Microsoft said in a recent blog post that it is “not aware of any active exploits”, the company has also recently identified multiple exploits used by malicious actors – namely the overseas adversary group HAFNIUM – to breach parts of Microsoft Exchange Server that are exposed to the internet.
For more information on these vulnerabilities and the action you should take to secure your systems, visit cyber.gov.au.