Technology Services and Security Secretary Curt Wood alerted local leaders on March 6 that cities and towns using an on-site Microsoft Exchange server are vulnerable to state-sponsored hackers from China who have been able to infiltrate the servers to steal emails, address books and other information.

On March 4, the federal Cybersecurity and Infrastructure Security Agency issued an update to an earlier alert regarding critical vulnerabilities in Microsoft Exchange servers.

CISA said it is aware of threat actors using open source tools to search for vulnerable Microsoft Exchange Servers and advises entities to investigate for signs of a compromise from at least Sept. 1, 2020.

CISA recommends that local governments review the updated Alert and the Microsoft Security Update and apply the necessary updates as soon as possible — or disconnect vulnerable Exchange servers from the internet until the necessary patch is made available.

White House spokeswoman Jen Psaki said late last week that the Microsoft breach “is an active threat” and that the Biden administration is “concerned that there are a large number of victims.”

Questions, feedback or incidents related to these products should be reported to CISA at Central@cisa.dhs.gov or 888-282-0870.
