If it helps anyone, I recently installed these updates for Exchange 2013 CU23 and we DID NOT have an expired OAuth certificate. The update still broke OWA and ECP and I had to complete the steps in the article to renew the OAuth cert and reset associated AppPools. After renewing the cert and running Get-AuthConfig on each Exchange server, I could see the certificate thumbnail attribute returned was that of the new certificate, so the new certificate had propagated to all Exchange servers within a couple of minutes. Checking OWA and ECP again, they still weren't working, however. Left it for 60 mins and tried again and they were both now working.
So, even when you DON'T have an expired OAuth certificate, installing the patches breaks something to do with this and you will need to renew them anyway as part of the install. And even when you renew and check the certificate is present on all servers, something still takes 60 mins or so in the background before the problem is fixed.
Go figure. I tweeted MSExchange Team and there are lots and lots of others reporting the same but MS have not officially acknowledged this issue yet.