On March 2, Microsoft released patches to address four zero-day vulnerabilities in Microsoft Exchange Server software. Those vulnerabilities, known collectively as ProxyLogon, affect on-premises Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. (Exchange Online, which is part of Microsoft 365, has not been affected.)
This Exchange Server attack is the kind of industry-wide security event that may have even broader implications than the SolarWinds attack. Reports indicated that cybercriminals were already able to breach more than 30,000 organizations due to this active exploitation, and the