TLP Rating: Clear 
Urgent Microsoft Exchange security update released.
CERT Vanuatu (CERTVU) and the Office of the Chief Information was alerted of this vulnerabilities by its international partners.
The CERTVU office would like to advise it’s constituents on possible critical vulnerabilities in Microsoft Exchange. Microsoft has released an urgent update for Exchange Server due to response to Exchange Servers being actively attacked by a sophisticated threat actor. Institutions and companies running Microsoft Exchange Servers are urged to patch these servers immediately.
What it means
Attackers are exploiting multiple vulnerabilities to gain access to Exchange Servers with SYSTEM privileges which can also lead to data exfiltration and network compromise.
Which Microsoft Exchange systems are Vulnerable?
The below Exchange Server versions affected:
MS Exchange 2010, MS Exchange 2013, MS Exchange 2016 and MS Exchange 2019.
Prevention
Immediately apply updates from Microsoft for the affected MS Exchange Server versions
References
1. https://www.cert.govt.nz/it-specialists/advisories/urgent-microsoft-exchange-securityupdate/?fbclid=IwAR3EAKTysVPPO9qmlkwyDy8d7LI6rJQzwk42N1iZWFMDmLj6sVPvZ Q-CgVQ
2. https://www.cert.govt.nz/it-specialists/advisories/urgent-microsoft-exchange-security-update/?fbclid=IwAR3EAKTysVPPO9qmlkwyDy8d7LI6rJQzwk
- Download advisory (English): Urgent Microsoft Exchange security update released
- Download advisory (Bislama): Ejen sekuriti apdeit blong Microsoft Exchange we oli rilisim.
- Download advisory (French): Publication d'une mise à jour urgente de la sécurité pour Microsoft Exchange