At this time there are now multiple exploits available for CVE-2020-0688 which allows for Remote Code Execution on servers running a vulnerable version of Microsoft Exchange. This code is executed as SYSTEM and the CVSS score for this vulnerability is 9.0 HIGH. Authentication is required, however, due to Outlook Web Access this could be easy to acquire depending on the size of the organization and what authentication methods are in place.
Patches are available and should be rolled out if a vulnerable version of Microsoft Exchange Server 2010, 2013, 2016, or 2019 is in use in your environment.
More reading and resources here: