Regarding your reply to EddieRowe "Exchange 2010 is not vulnerable to the same attack chain as Exchange 2013/2016/2019, but there is a vulnerability that we have addressed for Exchange 2010 and our recommendation is to install the update."
What exactly does this mean?
I discovered that, like the Exchange Health script mentioned in the blog post, the scripts linked to below are also incompatible with Exchange 2010:
Update [03/04/2020]: The Exchange Server team released a script for checking HAFNIUM indicators of compromise (IOCs). See https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log.
Not only are those scripts incompatible with Exchange 2010, but both the code of the scripts and the manual methods described seem to be pointing to a completely different logging file structure (and, presumably, architecture) meant to scan Exchange 2013 through 2019. I can't even modify the code to point to different relative paths or registry entries to query for said paths. Nothing lines up.
My question is,
Given your reply to Eddie, does that mean that CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 do not apply to Exchange 2010?
- IF any of them DO apply, in order to locate IOCs, should I be trying to figure out the equivalent logs and perhaps even logging formats etc. on my Exchange server on my own to look for the same activity? With the assumption that we might have been compromised with the same end results, but with another "attack chain"?
- IF NONE of those CVEs apply, what CVEs DO apply? What is the vulnerability? Is it active and in the wild already? And what exactly should I be looking for and in what logs, etc?
It is my responsibility to my company and co-workers to do whatever due diligence must be done to discover if we have been compromised after a zero-day notification like this applies to our environment. As it stands, I have no idea what I am looking for.
Thanks!