We have some Exchange Tools machines that have an CU on them. Unfortunately we cannot install a newer CU on them due to some software dependencies.
Are these machines vulnerable to the Hafnium exploits? There are no Exchange Services running on them at all and there is nothing listening on port 443 and the only website on port 80 is the default website which was created by the tools installation.
I understand there may be vulnerable files on there, I get it. But with the absence of Exchange Services running on these machines, do we have any concerns with the Hafnium Exploit where these machines are involved?