How does the vulnerability detection logic work after identifying the Exchange version?

Vulnerability detection relies on comparing the Exchange version's release date (which can be looked up from Microsoft's build numbers page) against the patch dates of known CVEs. If the identified version's date is earlier than a specific patch date, the Exchange is considered vulnerable to that CVE. The implementation stores version and vulnerability data in lists and performs date comparisons. The same article provides open-source code for automating this process.