The most concerning of the disclosed bugs would allow an attacker to take over Microsoft Exchange just by sending an email. Microsoft has released patches for 129 security bugs in its September Patch Tuesday update. These include 23 critical flaws, 105 that are important in severity and one moderate bug. Fortunately, none are publicly known or under active exploitation, Microsoft said. The most severe issue in the bunch is CVE-2020-16875, which is a memory-corruption problem in Microsoft Exchange that allows remote code-execution (RCE)
Source: https://threatpost.com/microsofts-patch-tuesday-critical-rce-bugs/159044/