On March 2, 2021, Microsoft released a security update addressing several 0-day exploits targeting on-premises Microsoft Exchange servers. The update revealed four remote code execution vulnerabilities, identified as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Microsoft urged users to patch their systems promptly because the vulnerabilities were being actively exploited, with adversaries aiming to obtain credentials, maintain persistence, conduct reconnaissance, and steal data. Elastic Security corroborated these findings, identifying indicators of compromise (IoCs) and posting a technical overview of its Elastic Endpoint and Elastic Endgame capabilities on its Discuss forum. The overview outlines eight existing and two new Elastic Endpoint rules, six existing Elastic Endgame rules, and three additional EQL queries to detect attack patterns. Elastic also provided a list of five IoCs based on telemetry observations and encouraged users to visit the forum for comprehensive details.