Many on-premises Exchange servers are being patched, but Microsoft warns that its investigations have found multiple threats lurking on already-compromised systems. Microsoft is raising an alarm over potential follow-on attacks targeting already compromised Exchange servers, especially if the attackers used web shell scripts to gain persistence on the server, or where the attacker stole credentials during earlier attacks.
Link: Exchange Server attacks: Microsoft shares intelligence on post-compromise activities
via http://www.zdnet.com
