After noticing Chinese cyber-espionage operators chaining several zero-days exploits to the siphon e-mail data, Microsoft has recently raised the security alarm. This is undoubtedly from the corporate Microsoft Exchange servers.
The tech giant’s statement includes the emergency out-of-band patches release for four distinct zero-day vulnerabilities – which formed the part of the cyber attacker’s arsenal.
According to Microsoft, “In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to e-mail accounts, and allowed the installation of additional malware to facilitate long-term access to victim environments.” Hence, it strongly urges users to update their on-premises systems immediately.
Source: SecurityWeek