Is SMG vulnerable to CVE-2023-23397

Article ID: 262279

Products

Messaging Gateway, Messaging Gateway for Service Providers, Messaging Gateway Hardware

Issue/Introduction

There is some concern that Messaging Gateway (SMG) may be vulnerable to CVE-2023-23397 announced in the Microsoft Monthly Security Update (March 2023).

Resolution

CVE-2023-23397 does not affect Messaging Gateway, as SMG does not use any Microsoft products, including Outlook or NTLM.

Additional Information

https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-march-2023

The first zero-day vulnerability fixed is CVE-2023-23397, an elevation of privilege flaw in Outlook that allows specially crafted emails to force a target's device to connect to a remote URL and transmit the Windows account's Net-NTLMv2 hash. “External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim,” Microsoft explained in its advisory. Microsoft also says that the vulnerability was exploited by the state-sponsored Russian hacking group Swallowtail (aka Strontium, APT28, Fancy Bear).