More than 247,000 Microsoft Exchange servers are yet to be patched against the CVE-2020-0688 post-auth remote code execution (RCE) vulnerability impacting all Exchange Server versions under support. Microsoft addressed the security issue as part of the February 2020 Patch Tuesday and tagged it with an ‘Exploitation More Likely’ exploitability index. Rapid7 also discovered 16,577 Exchange 2007 servers reachable over the Internet, an unsupported Exchange version that did not receive security updates to protect against the vulnerability.
Source: https://www.bleepingcomputer.com/news/security/over-247k-exchange-servers-unpatched-for-actively-exploited-flaw/

