HI anonymous user,
Microsoft products do not ship with Apache Log4j by default, Exchange does not run any services which integrate to the vulnerable component by default.
So you should be safe, for more information see:
If the reply was helpful please don't forget to
accept as answer, thank you!