It's been three weeks since Microsoft's announcement, and I am still running across clients who are vulnerable to the current on-premise Exchange server exploits.
Not surprisingly, perhaps, many of these same clients are also behind on their Exchange updates, and this raised the bar required to remediate the vulnerabilities.