Attackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable to the CVE-2020-0688 remote code execution vulnerability patched by Microsoft two weeks ago.
All Exchange Server versions up to the last released patch are exposed to potential attacks following these ongoing scans, including those currently out of support even though Microsoft's security advisory doesn't explicitly list them.
The flaw is present in the Exchange Control Panel (ECP) component and it is caused by Exchange's inability to create unique cryptographic keys when being installed.
Once exploited, it allows authenticated attackers to execute code remotely with SYSTEM privileges on an exploited server and fully compromise it.