<img height="1" width="1" src="https://www.facebook.com/tr?id=3212881575388825&amp;ev=PageView &amp;noscript=1">

On March 2, 2021, Microsoft released details on multiple zero-day exploits being used to attack on-premises versions of all Microsoft Exchange Servers. Threat actors used existing and new vulnerabilities to access these servers, which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft is tracking the four actively exploited zero-day vulnerabilities as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

For more details, see Microsoft's post