CISA has issued an emergency directive after observing active exploitation of vulnerabilities in Microsoft Exchange on-premises products. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.
Neither the vulnerabilities nor the identified exploit activity is currently known to affect Microsoft 365 or Azure Cloud deployments.
Read the full details here:
Mitigate Microsoft Exchange On-Premises Product Vulnerabilities