Microsoft indicated that a group of hackers linked to China entered the Exchange email system and installed additional malware to access its users' devices.
The company calls for software patches for all four vulnerabilities to be lowered.
The version of the cloud-based service was not affected.
Microsoft said it believes the attackers belong to the Hafnium group.
The Chinese authorities indicated that they oppose any type of cyberattack.