Microsoft has released Security Updates (SUs) for vulnerabilities found in:
Exchange Server 2013
Exchange Server 2016
Exchange Server 2019
SUs are available in a self-extracting auto-elev...
Updated Dec 01, 2022
Version 9.0
Blog Post
@MarcelWie - I note that the AV exclusions guidance hasn't been updated.
There is an assumption that you removed the mitigation. I'm not sure if that is correct, but I did not remove it.
If your AV exclusions match the published guidance, w3wp.exe should not even have been scanned. Defender is scanning the file, not a connection attempting to reach the file. You may want to double check your exclusions as if they are correct, it could indicate that they are not being honoured by Defender.
The slide deck for MEC Exchange Tips and Tricks was not published along with others, but can be seen at https://techcommunity.microsoft.com/t5/video-hub/microsoft-exchange-tips-amp-tricks/ba-p/3633030
The whole video is worth watching, but in respect to AV, skip to 33:30
It IS stated that the guidance would be updated (but it hasn't yet - ScottSchnoll) and that testing has been performed on Exchange 2019 but SHOULD be applicable to Exchange 2013 and Exchange 2016 and to let MS know if issues are encountered. My environment is Exchange 2016. I either have an infected executable (that should be protected) or a false flag.