More than half of Exchange servers were fixed, after the Federal Office for Information Security's (BSI) warning and Microsoft's patch issue.
However more than 25,000 systems still need to be fixed, BSI chief Arne Schoenbohm said.
"The warning has worked. In Germany, many Exchange servers have been secured by downloading patches. Every vulnerable system is one too many and can lead to harm."
In a 14-page report on the Microsoft vulnerability, the BSI said hackers' behaviour exploiting it had changed since it was publicly revealed.
Initially, most targets had been think tanks, universities, non-governmental organisations, law firms and defence companies - mostly in the United States.
"Now, these exploits are being deployed at mass scale against thousands of targets - apparently worldwide", the report said.
According to researchers at cybersecurity company ESET, at least ten different hacking groups were using the latest flaw in Microsoft's mail server software to break into targets around the world. In Germany, two federal authorities were affected by the hack, the BSI said, declining to say which.