by Nadia Meichtry
Four zero-day vulnerabilities in Microsoft’s Exchange email solution have been fixed through updates released by Microsoft on 2 March 2021. This affects Microsoft Exchange Server, but not Exchange Online. 
The vulnerabilities, three of which have been classified as critical, are actively exploited, most notably by the Chinese hacker group “Hafnium”. The attackers gained access to the servers and were thus able to exfiltrate credentials and emails.