CISA and NSA have issued guidance for securing Microsoft Exchange servers, emphasizing best practices like strong authentication, minimizing attack surfaces, and decommissioning outdated servers, especially after recent vulnerabilities and attacks exploiting Exchange flaws. They recommend migrating to Microsoft 365, enabling multi-factor authentication, applying security patches, and monitoring for suspicious activity to prevent breaches.
CISA has ordered all US federal agencies to urgently patch a critical Microsoft Exchange vulnerability (CVE-2025-53786) by Monday morning. The flaw could allow attackers with admin access to compromise entire domains through hybrid Exchange configurations. Agencies must update their systems and switch to a dedicated hybrid app to prevent potential lateral movement into cloud environments; non-government organizations are also urged to follow suit.
Originally Published 5 months ago — by CISA (.gov)
CISA has issued an emergency directive requiring federal agencies to mitigate a critical post-authentication vulnerability (CVE-2025-53786) in Microsoft Exchange hybrid environments by August 11, 2025. Required steps include assessing their systems, updating to the latest CUs, applying hotfixes, disconnecting end-of-life servers, and preparing for API transitions, with ongoing reporting to and assistance from CISA.
Originally Published 5 months ago — by CISA (.gov)
CISA warns of a high-severity vulnerability in hybrid Exchange deployments (CVE-2025-53786) that could allow privilege escalation and compromise of the organization's Exchange Online service. Organizations are advised to follow Microsoft's guidance, install hotfix updates, and disconnect end-of-life servers from the internet to mitigate risks.
The Justice Department announced the arrest of Xu Zewei, a Chinese hacker linked to state-sponsored cyber intrusions, including the HAFNIUM campaign targeting U.S. entities and COVID-19 research. Xu faces multiple charges and extradition proceedings in Italy; the case highlights ongoing efforts to combat Chinese cyber espionage.
Over 28,500 Microsoft Exchange servers are vulnerable to a critical privilege escalation flaw (CVE-2024-21410) actively exploited by hackers, with up to 97,000 servers potentially at risk. The flaw allows remote unauthenticated actors to perform NTLM relay attacks, potentially leading to unauthorized access and data breaches. System administrators are urged to apply the necessary updates and mitigations to protect their servers, as the exploitation of this vulnerability can have serious consequences for organizations.
Over 20,000 Microsoft Exchange email servers worldwide, including in Europe, the U.S., and Asia, are exposed on the public internet and vulnerable to remote code execution flaws. These servers are running unsupported software versions that no longer receive updates, making them susceptible to multiple security issues, some of which are critical. Despite available mitigations, the number of outdated Exchange servers has only decreased by 18% since April, leaving many still vulnerable. Companies are urged to prioritize the installation of updates or upgrade to supported versions to mitigate the risks.
The Zero Day Initiative (ZDI) has disclosed four zero-day vulnerabilities in Microsoft Exchange that can be exploited remotely by authenticated attackers to execute arbitrary code or disclose sensitive information. Despite being notified by ZDI, Microsoft has not yet fixed the vulnerabilities. The flaws include deserialization issues and server-side request forgery vulnerabilities.
Four zero-day vulnerabilities in Microsoft Exchange have been disclosed by Trend Micro's Zero Day Initiative (ZDI), allowing attackers to remotely execute arbitrary code or access sensitive information. Although Microsoft acknowledged the flaws, it deemed them not severe enough for immediate servicing, leading ZDI to publish the vulnerabilities to warn Exchange admins. The vulnerabilities require authentication for exploitation, which lowers their severity rating, but cybercriminals have various methods to obtain Exchange credentials. ZDI recommends restricting interaction with Exchange apps and implementing multi-factor authentication as mitigation strategies.