Nino_Bilic Thanks, Nino. For the /PrepareSchema step, I think I figured this out. Here is what I did:
1. Download the ISO file for Exchange 2016 CU21 (6.6GB):
https://www.microsoft.com/en-us/download/confirmation.aspx?id=103242
2. Mount this ISO file on a server logged in as a domain admin/schema admin
3. Open an elevated command prompt, cd to the mounted ISO directory and run the command: setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
After doing this, the domain schema is no longer exploitable.
I really think there are a huge number of companies out there that have no clue they are vulnerable to this exploit, and they need to go through this process manually.
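
A way to check the account's rights before step 3 and confirm the schema change afterwards, as an added example that is not part of the original post: it reads rangeUpper on the ms-Exch-Schema-Version-Pt schema object and tests the current token for Schema Admins and Enterprise Admins. It assumes the ActiveDirectory RSAT module is installed; the function names are hypothetical, and $ExpectedRangeUpper is a placeholder to fill in from Microsoft's published schema-version table for your CU.

```powershell
#Requires -Modules ActiveDirectory
# Added example; function names are hypothetical. Run from the elevated prompt.

function Get-ExchangeSchemaVersion {
    # Returns rangeUpper of ms-Exch-Schema-Version-Pt, or $null when the
    # forest schema has never been extended for Exchange.
    $schemaNc = (Get-ADRootDSE).schemaNamingContext
    $dn = "CN=ms-Exch-Schema-Version-Pt,$schemaNc"
    try {
        (Get-ADObject -Identity $dn -Properties rangeUpper -ErrorAction Stop).rangeUpper
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $null
    }
}

function Test-SchemaPrepRights {
    # setup.exe /PrepareSchema expects Schema Admins (RID 518) and
    # Enterprise Admins (RID 519) from the forest root domain.
    $rootSid = (Get-ADDomain -Identity (Get-ADForest).RootDomain).DomainSID.Value
    # Enabled group SIDs in the token of the current process.
    $groups = [Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value
    [pscustomobject]@{
        SchemaAdmins     = $groups -contains "$rootSid-518"
        EnterpriseAdmins = $groups -contains "$rootSid-519"
    }
}

# Placeholder (assumption): replace 0 with the documented rangeUpper for your CU.
$ExpectedRangeUpper = 0

$rights  = Test-SchemaPrepRights
$version = Get-ExchangeSchemaVersion

"Schema Admins in token     : $($rights.SchemaAdmins)"
"Enterprise Admins in token : $($rights.EnterpriseAdmins)"

if ($null -eq $version) {
    "No Exchange schema object found in this forest."
} elseif ($ExpectedRangeUpper -gt 0 -and $version -ge $ExpectedRangeUpper) {
    "Exchange schema rangeUpper = $version (at or above expected $ExpectedRangeUpper)."
} else {
    "Exchange schema rangeUpper = $version; compare with the documented value for your CU."
}
```

Run it once before step 3 and again after setup.exe finishes, so the two rangeUpper values can be compared.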