Overview
- U.S. agencies CISA and NSA, joined by counterparts in Australia and Canada, released detailed guidance for hardening on‑premises Microsoft Exchange Server.
- The document urges rapid patching, multi‑factor authentication, strict transport protections, tight administrative access controls, zero‑trust principles, and migration off end‑of‑life versions.
- CISA said the guide builds on Emergency Directive 25-02 targeting CVE-2025-53786, which can enable lateral movement from on-prem Exchange into Microsoft cloud environments.
- Independent scans by Shadowserver shortly after the directive still found roughly 29,000 Exchange servers exposed to potential exploitation.
- Experts note the guidance synthesizes existing Microsoft and industry best practices, while Microsoft’s role in producing the document remains unclear.