Microsoft patched the PrivExchange privilege escalation vulnerability which affected Microsoft Exchange Server 2010 and newer installations where Exchange Web Services and Push Notifications were enabled. Microsoft advises all Exchange customers to reset their servers’ credentials from Active Directory after applying the update rollup or the cumulative update. To this date, Redmond does not have knowledge of any instances where Exchange servers have been compromised in the wild by exploiting this security issue. Microsoft published the ADV190007 security advisory with a list of steps to be followed as a workaround.
Source: https://www.bleepingcomputer.com/news/security/microsoft-patches-privexchange-vulnerability-in-february-quarterly-updates/