Yesterday, Microsoft released a security update for Exchange 2016 and Exchange 2019. The update is classified as "Important" and should therefore be installed promptly.
Here is the description of the vulnerability:
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.
Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.
The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.
Source: CVE-2019-0586 | Microsoft Exchange Memory Corruption Vulnerability
In the linked article you will also find the download links to the updates.
Note: Currently the download links don't always seem to work, I just tried it several times and was then able to start the download.
The Exchange vulnerability is probably not yet being exploited. However, the vulnerability has a lot of potential if an exploit is available. See also here:
Source: THE JANUARY 2019 SECURITY UPDATE REVIEW
Many thanks to Dirk for pointing out the update to me, otherwise it would have passed me by.