Get Permission Microsoft issued emergency software patches on Tuesday for four zero-day vulnerabilities in its Exchange email server, one of the most widely used pieces of enterprise infrastructure. The company says it believes the flaws have been exploited by a China-based group it calls Hafnium, which is seeking to gain persistent access to email systems. Microsoft typically issues patches for Windows and other products on the second Tuesday of every month, but it makes exceptions for security vulnerabilities that are deemed particularly dangerous. Although Microsoft describes the attacks as "limited and targeted," there are already indications that many other hacking groups are mounting attacks hoping to catch slow-patching organizations off guard. The flaws appear to have been exploited since at least early January.