Microsoft Exchange is targeted by Storm-1175 via CVE-2023-21529 as part of the campaign’s mail server exploitation vector. This is a known, patched vulnerability; organizations still running Exchange versions predating the addressing cumulative update are at direct ransomware risk from this campaign. Exchange patch currency should be validated immediately for any internet-facing deployments.