Here is a blog from Microsoft, it said: ProxyShell vulnerabilities and your Exchange Server
Your Exchange servers are vulnerable if any of the following are true:
- The server is running an older, unsupported CU (without May 2021 SU);
- The server is running security updates for older, unsupported versions of Exchange that were released in March 2021; or
- The server is running an older, unsupported CU, with the March 2021 EOMT mitigations applied.
In all of the above scenarios, you must install one of latest supported CUs and all applicable SUs to be protected. Any Exchange servers that are not on a supported CU and the latest available SU are vulnerable to ProxyShell and other attacks that leverage older vulnerabilities.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.