Microsoft has published an article on Exchange Server and Spectre (speculative execution side-channel). As this is a vulnerability in the processors, Exchange Server is also affected. There are a few things to note. Microsoft writes the following:
As these are hardware level attacks targeting x64-based and x86-based processor systems, all supported versions of Microsoft Exchange Server are impacted by this issue.
Source: Exchange Server guidance to protect against speculative execution side-channel vulnerabilities
In principle, it boils down to installing the already published updates for the operating system; there is no direct update for Exchange Server:
However, it should be noted that there may be a loss of performance after installing the update (see Q4 in the linked article). There may also be problems with some virus scanners, so you should check beforehand whether the virus scanner you are using is compatible. Extensive tests are therefore necessary.
The update should also not be installed in conjunction with AMD processors, as this can lead to problems when starting:
I was not offered to download the update via Windows Update, so I downloaded it from the Windows Update catalog and installed it:
Windows Update Catalog KB4056890
Also important: As the vulnerability affects the processor, the hypervisor (Hyper-V, ESXi, etc.) must also be provided with appropriate updates if the servers are operated as a VM. It is not enough to update only the VM or only the hypervisor. This can also lead to a loss of performance.