Microsoft has acknowledged that it is aware of two zero-day vulnerabilities in Exchange Server that have been used in deliberate attacks.
The tech behemoth is developing patches. Two new Microsoft Exchange zero-day vulnerabilities have been used in attacks, according to Vietnam-based cybersecurity firm GTSC. The company thinks a Chinese threat group was behind the attacks, which targeted critical infrastructure and were first observed in August.
Technical information about the flaws is not yet available, but GTSC did note that the threat actor’s post-exploitation activities included the installation of backdoors, lateral movement, and the distribution of malware.