Microsoft has released out-of-band security updates for seven bugs affecting Microsoft Exchange Servers, four of which are zero-day vulnerabilities being exploited by attackers in the wild to plunder on-premises machines. The attacks have been going on for nearly two months, possibly even longer, according to Volexity researchers. Huntress Labs says that they’ve identified 176 of their partners’ servers having been saddled with a web shell after having been popped through the vulnerabilities.
Source: https://www.helpnetsecurity.com/2021/03/03/exchange-servers-zero-day/