Microsoft released a series of out-of-band security updates this week to address four zero-day vulnerabilities in Exchange Server. The attacks are active and external-facing servers should be updated immediately. The latest security updates from Microsoft addressing these vulnerabilities will install only on Exchange Server 2013 (CU23), Exchange Server 2016 (CU18 or CU19), and Exchange Server 2019 (CU7 or CU8) The next set of cumulative updates coming in March for the three versions of Exchange Server will include these security updates.
Source: https://www.helpnetsecurity.com/2021/03/05/march-2021-patch-tuesday-forecast/