Microsoft published security fixes for the issue described in bulletin MS17-105. Fixes have been released for the following product levels:
- Exchange 2013 SP1, kb4013242, 15.0.847.53
- Exchange 2013 CU14, kb4013242, 15.0.1236.6
- Exchange 2016 CU3, kb4013242, 15.1.544.30
You are reading it correctly: the later Cumulative Updates are not affected. Earlier builds will not receive a security fix, as support is provided up to N-2 generation builds. Reason for Exchange 2013 SP1 being in there is that Service Packs are on a different support scheme.
Note that this Rollup or security fix replaces MS16-108 (kb3184736) – you can install MS13-105 over installations containing this security fix (no need to uninstall it first).