Based on a Rapid7 survey more than 357 thousand Exchange Servers are vulnerable to a latest RCE vulnerability which allows an attacker to use an Exchange user account to compromise the system) which. The bug responsible resides in the Exchange Control Panel (ECP) which can be used to manage mailboxes, distribution groups, contacts and several other objects at the Organization level.
Microsoft published a security update guide on 02/11/2020 for CVE-2020-0688 and it states that:
Your organization will need to apply the appropriate security updates depending on the software version being used.