Despite Microsoft issuing patches almost eight months ago, 61 percent of Exchange servers are still vulnerable. The vulnerability in question (CVE-2020-0688) exists in the control panel of Exchange, Microsoft s mail server and calendaring server. The flaw stems from the server failing to properly create unique keys at install time, was fixed as part of the February Patch Tuesday updates. In March, researchers warned that unpatched servers are being exploited in the wild by unnamed advanced persistent threat (APT) actors.
Source: https://threatpost.com/microsoft-exchange-exploited-flaw/159669/