The U.S. government is mandating patching for four serious security vulnerabilities in Microsoft Exchange Server. Security firms report escalating numbers of related campaigns led by sophisticated adversaries against a range of high-value targets. The attacks are being carried out in part by a China-linked advanced persistent threat (APT) called Hafnium, Microsoft said. The vulnerabilities only exist in on-premise versions of Exchange Server, and don t affect Office 365 and virtual instances, yet despite the move to the cloud, there are plenty of physical servers still in service.
Source: https://threatpost.com/cisa-federal-agencies-patch-exchange-servers/164499/