Yes, absolutely!
Install the patch immediately to block the exploit.
then test to see if you are compromised:
https://github.com/microsoft/CSS-Exchange/tree/main/Security
Then once you have things settled down, go straight to CU20 which has the security patch included in it:
https://support.microsoft.com/en-us/topic/cumulative-update-20-for-exchange-server-2016-98964463-f7df-4131-6b8c-4f46dafc748e