Microsoft Discloses Critical Zero-Day Vulnerability in On-Premises Exchange Server

Microsoft reported a severe zero-day vulnerability affecting on-premises installations of Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition. The flaw impacts all supported versions of these products, though no specific CVE ID, exploitation details, or patch release date were disclosed in the notice. The vulnerability is confined to on-premises deployments, excluding cloud-based Exchange Online services. No additional technical specifics, such as attack vectors or observed exploitation, were provided in the available content. The disclosure emphasizes the urgency for organizations running affected versions to monitor updates from Microsoft.