Microsoft has issued out-of-band patches for several Exchange Server vulnerabilities. Four of these vulnerabilities, according to the company, are already being used in targeted attacks, so it would be wise to install the patches ASAP.
What’s the risk?
The four most dangerous vulnerabilities already being exploited allow attackers to pull off a three-stage attack. First they access an Exchange server, then they create a Web shell for remote server access, and lastly they use that access to steal data from the victim’s network. The vulnerabilities are: