https://www.bleepingcomputer.com/news/security/unpatched-microsoft-exchange-server-flaw-enables-spoofing-attacks/

Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective.

The security flaw (CVE-2024-49040) impacts Exchange Server 2016 and 2019, and was discovered by Solidlab security researcher Vsevolod Kokorin, who reported it to Microsoft earlier this year.