Despite Exchange 2010 not being affected by the #privexchange PoC in my testing, Microsoft has listed Exchange 2010 in their new advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190007 …
Perhaps they know of a variant that affects 2010.
Still no update at this time, so be sure to apply workarounds!
I've finally received info from Microsoft and have updated the vul note. CVE-2019-0686 - Exchange attempts to NTLM authenticate PushSubscriptionRequest() targets CVE-2019-0724 - Exchange has too many privileges The PoC doesn't work with 2010, but MS changed its behavior anyway.