Attackers were attempting to exploit the flaw to distribute the Emotet, Trickbot and Bazaloader malware.
Starting in February 2020, attackers have leveraged weaknesses that occur “by design” in OAuth 2.0 implementations from Microsoft and GitHub.
Microsoft has disrupted "a key piece of infrastructure" used by the China-based threat group known as Nickel or APT15.
Researchers have uncovered malware samples that are targeting a local privilege escalation flaw in Windows Installer.
The Exchange Server flaw is one of 55 vulnerabilities fixed in Microsoft's Patch Tuesday update.