The clock started ticking for the sysadmins of the hundreds of thousands of Exchange servers around the world (and their risk officers or CISO’s). Exploits had been seen as early as January, so from March 2 onward the only safe assumption is that an unpatched Exchange server is a breached server.