Microsoft and CISA have issued warnings about a high-severity Exchange Server bug (CVE-2025-53786) that could allow attackers with administrative access to escalate privileges and potentially compromise entire domains, especially in hybrid cloud environments. Organizations are urged to apply the recommended patches and follow security guidance to mitigate the risk of exploitation, which is deemed likely to occur soon.
Microsoft disclosed a high-severity vulnerability in on-premises Exchange Server (CVE-2025-53786) that could allow attackers with admin access to escalate privileges in connected cloud environments, especially in hybrid setups. The flaw stems from the on-premises server sharing a service principal with Exchange Online in hybrid deployments, which poses a risk of hard-to-detect privilege escalation and identity compromise if left unpatched. Microsoft recommends applying the latest hotfix, reviewing security configurations, and resetting the service principal's keys if they are no longer used. CISA also warns about related malware exploiting recent SharePoint flaws and advises disconnecting outdated or end-of-life Exchange and SharePoint servers from the internet.
Microsoft has issued a warning about a high-severity vulnerability (CVE-2025-53786) in Exchange Server hybrid deployments that could allow attackers to escalate privileges and compromise both on-premises and cloud environments, with potential for total domain takeover. The vulnerability affects Exchange Server 2016, 2019, and Subscription Edition, and Microsoft recommends applying hotfixes and following security guidelines to mitigate risks. Failure to address this issue could lead to significant security breaches, especially as exploit code may be developed for malicious use.
Microsoft has confirmed active exploitation of a critical security flaw (CVE-2024-21410) in Exchange Server, enabling privilege escalation through NTLM relay attacks. The company has released fixes as part of its Patch Tuesday updates, which also address two other Windows flaws (CVE-2024-21351 and CVE-2024-21412) actively weaponized in real-world attacks. Additionally, a critical vulnerability (CVE-2024-21413) affecting Outlook email software has been patched; it allowed remote code execution by bypassing security measures. Threat actors, including Russian state-affiliated hacking groups, have a history of exploiting such flaws, though details of the current exploitation and the actors behind it are not yet known.
Microsoft has warned about a critical vulnerability in Exchange Server, tracked as CVE-2024-21410, which was exploited as a zero-day before being fixed during this month's Patch Tuesday. The flaw allows remote unauthenticated threat actors to escalate privileges in NTLM relay attacks targeting vulnerable Microsoft Exchange Server versions. Microsoft has released Exchange Server 2019 Cumulative Update 14 (CU14) to address this vulnerability and to enable NTLM credential relay protections, known as Extended Protection (EP), which mitigate authentication relay and man-in-the-middle attacks. Admins are advised to evaluate their environments and review Microsoft's documentation before toggling EP on their Exchange servers to avoid breaking functionality.
Microsoft is automatically enabling Extended Protection (EP) on Exchange servers after installation of the 2024 H1 Cumulative Update, aiming to strengthen Windows Server authentication and mitigate authentication relay and man-in-the-middle attacks. Admins are advised to evaluate their environments and review the documentation before toggling EP on their servers, with the option to use a PowerShell script provided by Microsoft to manage EP. Microsoft also released a decision flow graph to assist in enabling EP. This move follows the company's previous recommendations to keep Exchange servers up to date and ready to deploy emergency security patches.