Two more zero-day vulnerabilities found in different versions of Microsoft Exchange Server are being exploited in the wild, the company has confirmed.
According to recent customer guidance that Microsoft released for reported zero days, a server-side request forgery (SSRF) flaw, and remote code execution (RCE) flaw, were identified as being used by threat actors.
The vulnerabilities were present in Microsoft Exchange Server 2013, 2016, and 2019 endpoints