As of March 2021, Microsoft have released a blog article which talks about a set of out of band security updates for vulnerabilities with their Exchange server products. Two KB articles address these also which are KB5000978 and KB5000871.
To cut the long story short, if you are running one of the following below, please ensure that those products are patched up to date. It doesn’t also hurt to keep your OS patched too.
The following products are at risk:
- Exchange 2010 SP3
- Exchange 2013 CU23
- Exchange 2016 CU18
- Exchange 2016 CU19
- Exchange 2019 CU7
- Exchange 2019 CU8