Microsoft has warned every organisation running Microsoft Exchange Server, that it needs to urgently apply patches.
Microsoft has detected multiple zero-day exploits being used for malicious attacks, currently in a limited and targeted way. These exploits could allow access to email accounts to extract sensitive information, and to install malware to permit future long-term access.
The best place to start is this Microsoft blog, which also links to the Microsoft Security Response Center’s site for details of the updates release, and a scanning tool to check for existing compromises.
If you run your own Exchange Server, I recommend that you take action now. If your MS Exchange Server is hosted, make sure that your provider has applied these patches too.