Even if an Exchange account has multi-factor authentication enabled, an attacker could use this vulnerability to compromise email accounts.
Microsoft has released security updates for its Exchange on-premises email server software that businesses should take on board.
Four vulnerabilities in on-premises Exchange server software were exploited, and now Microsoft has warned that a newly patched flaw is also under attack. The China-based attackers accessed Exchange Servers through the four bugs or stolen credentials, allowing them to create web shells (a command-line interface) to remotely communicate with the infected computer. Web shells are handy for attackers because they can survive on a system after a patch and need to be manually removed.
Microsoft confirmed that two-factor authentication (2fa) wouldn’t necessarily protect against attackers exploiting the new Exchange flaws, particularly if an account has already been compromised.