Over 350,000 Exchange Servers Exposed to Serious RCE Bug
According to Rapid7, over 350,000 Exchange servers across the globe remain exposed to a critical vulnerability patched by Microsoft in February. The vulnerability is actively exploited in the wild, according to researchers, and over 82% of the 433,464 Exchange servers detected are still vulnerable as of March 24.
The vulnerability, CVE-2020-0688, was discovered by Trend Micro’s Zero Day Initiative and allows remote code execution on unpatched systems. Exploitation is possible if the Exchange Control Panel (ECP) interface is accessible to the attacker and they obtain a working credential for it. Rapid7 has warned affected organizations to update Exchange as soon as possible and to check for compromise.