Microsoft has released security updates for four critical vulnerabilities being used to target on-premises versions of Microsoft Exchange Server. The malicious activity is being attributed to a group called Hafnium, which officials believe is state-sponsored and operates out of China.
The zero-days recently exploited include CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Microsoft has urged customers to update their on-premises systems with the patches at the earliest and said these flaws affect Microsoft Exchange Server versions 2013, 2016, and 2019. Exchange Online has not been affected.
To Read More: DarkReading