Microsoft has released security updates for vulnerabilities found in:
Exchange Server 2013
Exchange Server 2016
Exchange Server 2019
All versions (Cumulative Update levels) are impacted. ...
Updated Aug 05, 2021
Version 15.0
Blog Post
Hi Exchange team
I've checked a few servers across different domains that no longer run Exchange locally (all migrated to M365 in the past).
These domains would all have had Exchange 2003, 2007, 2010 etc gracefully uninstalled several years ago after the last exchange server was shutdown.
It seems ALL of these domains are still vulnerable to the schema exploit even though Exchange was removed as the published exploit script creates the user.
What are these companies supposed to do in order to patch their domain as there is no Exchange installed to patch?
I would also suggest this is a major issue to be communicated publicly as many companies will be in this position and do not realize they have a vulnerable schema in their AD due to having Exchange installed in the past.