The Cybersecurity & Infrastructure Security Agency issues an alert addressing several critical vulnerabilities in Microsoft Exchange products. Microsoft confirmed the existence of multiple flaws in the software last week. The vulnerabilities can allow a malicious actor to access on-premises Exchange servers and gain persistent access and control of an enterprise network. CISA recommends organizations examine their systems for any malicious activity as detailed in Alert AA21-062A. The vulnerabilities in question are used as part of an attack chain, meaning some mitigations only protect against some attack vectors.”]