Last Saturday the Cybersecurity and Infrastructure Security Agency issued an urgent warning that threat actors are actively exploiting three Microsoft Exchange vulnerabilities—CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. These vulnerabilities can be chained together to remotely execute arbitrary code on a vulnerable machine.

This set of Exchange vulnerabilities is often grouped under the name ProxyShell. Fixes were available in the May 2021 Security Updates issued by Microsoft. (To be more precise, the first two were patched in April and CVE-2021-31207 was patched in May.)