We see that one of our vulnerabilities is exploited in the wild Link. So we decided to public the detail analysis of our two bug chain. Any customer has enough information to mitigate these bugs. The vendor also released all patches two weeks ago. This blog post shares the detail

VULNERABILITY TITLE Microsoft Exchange Unauthenticated SSRF in Autodiscover frontend service combined with Authentication Bypass in Powershell Backend service and Arbitrary File Write in OAB backend service lead to Remote Code Execution VULNERABILITY SUMMARY The chains of 3 vulnerablity allows remote attackers to write a webshell and execute arbitrary code on