The bugs were publicly disclosed on March 2, when the Redmond-based tech giant announced not only patches for them, but also the fact that a Chinese threat actor had been actively exploiting them in attacks.
Within days, security researchers revealed that multiple adversaries were quick to pick up exploits for the Exchange bugs, but also that some had been targeting the flaws even before patches were released. The first known exploitation attempt is dated January 3, 58 days before public disclosure.
Over the course of last week, Microsoft released additional fixes for these vulnerabilities, including security updates (SUs) for older and unsupported Exchange Server versions, or Cumulative Updates (CU), as the company calls them.