Microsoft has released Security Updates (SUs) for vulnerabilities found in:
Exchange Server 2013
Exchange Server 2016
Exchange Server 2019
SUs are available in a self-extracting auto-elev...
Updated May 08, 2023
Version 22.0
Blog Post
skear1365, as a general rule, you always want to patch first and then look for indicators or compromise. So, deploy the Outlook update ASAP, and then see if you've been targeted by it.
cchris, we mention two updates in this post: one for Exchange Server, and one for Outlook on Windows. Both need to be applied. The only difference is that Exchange Server customers need both the Exchange Server patch, and if they use Outlook on Windows, the Outlook patch. Whereas Exchange Online customers only need the Outlook on Windows patch (if they use it). But both Exchange Server and Exchange Online customers can use the script we released to scan their mailboxes for indications of compromise.