Recently discovered security flaws in Microsoft Exchange Server could allow attackers to access email accounts and steal potentially sensitive information. These flaws are currently being targeted by state-sponsored attackers.

Microsoft has released a security patch that addresses these flaws. Please install the patch as soon as possible. If you work with a managed services partner, contact them right away to ensure that they address this issue immediately.

Affected Products

The newly released patch corrects flaws in the following products.

Microsoft Exchange Server 2013

Microsoft Exchange Server 2016

Microsoft Exchange Server 2019

In addition, Microsoft has released an update to Exchange Server 2010 for "Defense in Depth purposes."

This notice does not apply to Microsoft 365 or Office 365 users.

Learn more at Microsoft's site: Learn More