Microsoft issues guidance on how to defend against attacks targeting Exchange servers by blocking malicious activity identified with the help of behavior-based detection. Microsoft researchers based their analysis on multiple campaigns of Exchange attacks investigated during early April which showed how the malicious actors deploying web shells on on-premises Exchange servers were also used as part of these attacks. Microsoft: Attackers exploit a remote code execution vulnerability affecting the underlying Internet Information Service (IIS) component of a target Exchange server. In April, 82.5% of all found Exchange servers unpatched against were not yet patched, with Microsoft previously warning it could be used in ransomware attacks.
Source: https://www.bleepingcomputer.com/news/security/microsoft-attackers-increasingly-exploit-exchange-servers/