If left unpatched, the flaw allows authenticated attackers to execute code remotely with system privileges. The vulnerability exists in the Exchange Control Panel (ECP), a web-based management interface for administrators, introduced in Exchange Server 2010. Microsoft patched the flaw in February, but researchers say it’s being exploited in the wild by unnamed advanced persistent threat (APT) actors. The attacks first started late February and targeted numerous affected organizations, researchers said. Researchers say they believe these efforts to be sourced from known APT groups due to their IP addresses.
Source: https://threatpost.com/microsoft-exchange-server-flaw-exploited-in-apt-attacks/153527/