Microsoft Exchange is included in the Storm-1175 Medusa ransomware campaign exploitation cluster via CVE-2023-21529, a remote code execution vulnerability in the on-premises mail platform. Exchange continues to represent a high-priority attack surface for ransomware actors given its prevalence and privileged position in enterprise environments. Confirm CVE-2023-21529 patch status on all on-premises Exchange deployments and ensure Exchange is not directly internet-accessible without perimeter controls.