A remote code execution vulnerability was found in Microsoft Exchange Server. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially crafted file.

Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Forefront Endpoint Protection 2010
Microsoft Security Essentials
Windows Defender
Windows Intune Endpoint Protection

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

CVE-2018-0986

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/44402

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.