The MS Exchange - World-Wide Exploitation | blog,zeroday,offensivesecurity | Control Gap
For organizations running on-premise Microsoft Exchange servers, we want to make you aware of four severe zero-day vulnerabilities announced on March 2nd, 2021. Attackers are using these vulnerabilities to obtain SYSTEM level access, execute arbitrary code, gain Domain level access, steal information, and install ransomware. The announced CVEs impact most versions of Exchange server but do not impact organizations utilizing Exchange Online or Microsoft 365 (M365). If your organization uses Microsoft Exchange 2010, 2013, 2016, or 2019, Microsoft strongly urges that you apply security patches immediately to reduce the threat of compromise [1].