Dear TechSoup member,
TechSoup is reaching out to all nonprofits, including your nonprofit, that have requested Microsoft Exchange Server products from our catalog to highlight a serious security issue that may impact you.
Recently discovered security flaws in Microsoft Exchange Server could allow attackers to access email accounts and steal potentially sensitive information. These flaws are currently being targeted by state-sponsored attackers.
Microsoft has released a security patch that addresses these flaws. Please install the patch as soon as possible. If you work with a managed services partner, contact them right away to ensure that they address this issue immediately.
Affected Products
The newly released patch corrects flaws in the following products.
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
In addition, Microsoft has released an update to Exchange Server 2010 for "Defense in Depth purposes."
This notice does not apply to Microsoft 365 or Office 365 users.
Your Organization May Be Targeted
Microsoft believes that a group associated with a nation state is behind these attacks. According to Microsoft, this group is specifically targeting organizations — including NGOs and nonprofits — that deal with sensitive issues, including disease research, law, and public policy.
Take Action and Protect Your Organization
To learn more about this attack, get details about the new security patch, and determine whether your systems may have been compromised, see Microsoft's latest blog post on the topic.
For information on Exchange Server and guidance on applying updates and patches, please refer to Microsoft's Exchange Server Documentation.