Microsoft Releases Out-of-Band Security Update for Exchange

Microsoft released an emergency patch for three remote code execution vulnerabilities in Exchange Server 2013, 2016 and 2019. The vulnerabilities allow an attacker to take control of the server and/or obtain access to sensitive information. These vulnerabilities are being exploited in the wild, hence the emergency patch. Read the details here.

Oh, yeah, it is being exploited by the Chinese according to Brian Krebs.

And CISA has issued an EMERGENCY directive to immediately examine all Exchange servers forensically, collect artifacts, look for indicators of compromise, disconnect the server(s) from the network if compromise is indicated and report that to CISA. If needed, rebuild all servers and apply patches. This must be done by noon Eastern time Friday, March 5th (CISA Directive).

Given all of the above, if you are running Exchange servers, you definitely need to jump on this. The reason CISA issues emergency directives is that it is currently seeing attacks in the wild.