Particle.news


CISA Orders Federal Agencies to Patch Microsoft Exchange Hybrid Flaw by Monday

A coordinated advisory compels federal agencies to finish hotfix installations, deploy a dedicated Exchange hybrid application, and reset the shared service principal by Monday to guard against privilege escalations that would otherwise go undetected.

Microsoft Exchange

Overview

  • CVE-2025-53786 stems from hybrid deployments sharing a single service principal, enabling attackers with on-premises Exchange admin access to forge tokens and elevate privileges in Exchange Online.
  • CISA Emergency Directive 25-02 compels all federal civilian agencies to complete technical remediation by 9:00 AM ET Monday and submit compliance reports by 5:00 PM ET to avoid potential disciplinary measures.
  • Microsoft rates the flaw “Exploitation More Likely” and cautions that on-premises attack traffic may bypass Microsoft 365 audit logs, hindering detection of illicit privilege escalations.
  • Immediate mitigation steps include installing Microsoft’s April 2025 hotfix, deploying a dedicated Exchange hybrid application and resetting the shared service principal’s keyCredentials.
  • Microsoft will begin temporarily blocking Exchange Web Services traffic under the shared service principal this month, enforce a permanent block on October 31 and complete the transition to Graph API–based hybrid integration by October 2026.
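As an added defender-side check, not part of this summary or of Microsoft's own remediation script, the PowerShell below queries the shared Exchange Online service principal through Microsoft Graph and reports whether any keyCredentials remain after the reset step described above. The appId, the Microsoft.Graph.Applications module and the Application.Read.All permission are assumptions about the tenant.

```powershell
# Added verification check (not from the advisory or Microsoft's hybrid script).
# Assumes the Microsoft.Graph.Applications module is installed and the signed-in
# account can consent to Application.Read.All.
# Assumption: 00000002-0000-0ff1-ce00-000000000000 is the appId of the shared
# first-party "Office 365 Exchange Online" service principal the advisory refers to.
function Test-SharedExchangeServicePrincipalKeys {
    [CmdletBinding()]
    param(
        [string]$SharedAppId = '00000002-0000-0ff1-ce00-000000000000'
    )

    Connect-MgGraph -Scopes 'Application.Read.All' -NoWelcome | Out-Null

    # Pull only the properties needed; keyCredentials is what the reset step clears.
    $sp = Get-MgServicePrincipal -Filter "appId eq '$SharedAppId'" `
                                 -Property 'id,displayName,keyCredentials'
    if (-not $sp) {
        Write-Warning "No service principal found for appId $SharedAppId in this tenant."
        return $null
    }

    $now  = Get-Date
    $keys = @($sp.KeyCredentials)

    # Show every credential so expired leftovers are visible too (verbose stream).
    foreach ($k in $keys) {
        $state = if ($k.EndDateTime -lt $now) { 'expired' } else { 'ACTIVE' }
        Write-Verbose ("{0} keyId={1} type={2} valid {3:u} -> {4:u}" -f `
            $state, $k.KeyId, $k.Type, $k.StartDateTime, $k.EndDateTime)
    }

    # Only credentials still within their validity window can be used to mint tokens.
    $active = @($keys | Where-Object { $_.EndDateTime -ge $now })
    if ($active.Count -eq 0) {
        Write-Host "OK: '$($sp.DisplayName)' has no active keyCredentials; reset step appears complete."
    } else {
        Write-Warning ("{0} active keyCredential(s) remain on '{1}'; the shared " +
                       "service principal has not been reset.") -f $active.Count, $sp.DisplayName
    }
    return ($active.Count -eq 0)
}

Test-SharedExchangeServicePrincipalKeys -Verbose
```

Run it again after deploying the dedicated hybrid application; a `$true` result with no ACTIVE lines means the shared credential path the flaw relies on is closed in that tenant.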