Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Powered by MOMENTUM MEDIA
Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Explore

SECTIONS

MORE

search button

Organisations fail to patch Microsoft Exchange vulnerabilities

The Commonwealth has urged organisations to upgrade their cyber infrastructure, with many failing to adequately respond to recent cyber attacks.

user icon Charbel Kadib
Fri, 26 Mar 2021 Government
Organisations fail to patch Microsoft Exchange vulnerabilities
expand image

Earlier this month, the Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) identified “extensive targeting” and compromises of Australian organisations with vulnerable Microsoft Exchange networks.

The ACSC noted that while it is assisting affected organisations with their incident response and remediation, a number of stakeholders are yet to address the issue.

Organisations were urged to patch the following common vulnerabilities and exposures (CVEs):

  • CVE-2021-26855 - server-side request forgery (SSRF) vulnerability in Exchange;
  • CVE-2021-26857 - insecure deserialisation vulnerability in the Unified Messaging service;
  • CVE-2021-26858 - post-authentication arbitrary file write vulnerability in Exchange; and
  • CVE-2021-27065 - post-authentication arbitrary file write vulnerability in Exchange.

However, in a statement released on Thursday (25 March), the federal government revealed that many businesses failed to install the patches.

Assistant Minister for Defence Andrew Hastie urged entities to implement appropriate safeguards and shore-up their defences against future threats.

“The Morrison government’s first priority is to keep Australians safe, including when online, and it is vital that small businesses and organisations take the necessary steps to protect themselves from this vulnerability,” Assistant Minister Hastie said.

“My first priority is to keep Australians safe in both the physical world and online, and to do this I need everyone to listen to these warnings, and follow the advice of the ACSC and strengthen our cyber defences.

“If you use Microsoft Exchange it is critical that you move fast to shut this potential threat down.”

Cyber Daily logo
VIEW ALL

Charbel Kadib

Charbel Kadib

News Editor – Defence and Security, Momentum Media

Prior to joining the defence and aerospace team in 2020, Charbel was news editor of The Adviser and Mortgage Business, where he covered developments in the banking and financial services sector for three years. Charbel has a keen interest in geopolitics and international relations, graduating from the University of Notre Dame with a double major in politics and journalism. Charbel has also completed internships with The Australian Department of Communications and the Arts and public relations agency Fifty Acres

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.
CD Logo

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

Be the first to hear the latest developments in the cyber industry.

Copyright © 2007-2024 MOMENTUMMEDIA
Copyright & DisclaimersPrivacy PolicyTerms & Conditions
momentummedia media
most innovative companies awards

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

CATEGORIES

STAY CONNECTED

Copyright © 2024 MOMENTUMMEDIA