Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.
The updates fixes the following Remote Code Execution Vulnerabilities;
Only CVE-2021-31207 is currently publicly disclosed but none of the them are exploited. The Exploitability Assessment is rated: Exploitation Less Likely.
View: Exchange Blog: Released: May 2021 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: April 13, 2021 (KB5001779)
Download: Security Update for Exchange 2019 CU8 and CU9
Download: Security Update for Exchange 2016 CU19 and CU20
Download: Security Update for Exchange 2013 CU23