Microsoft issued a critical security update fixing a remote code execution flaw in Exchange Server. More than half of these mail servers in use remain vulnerable to exploits, according to the security firm Rapid7. The security flaw exists in Exchange server when server fails to properly create unique keys at install time. Nation-state attackers and crime gangs continue to scan for these types of vulnerabilities, says Chris Yule, director of the threat research capability at cybersecurity firm Secureworks. The fix needs to be installed on any server with the Exchange Control Panel enabled.”]
Source: https://www.cuinfosecurity.com/thousands-exchange-servers-still-lack-critical-patch-a-15105