Overview
- CVE-2025-53786 affects hybrid deployments of Exchange Server 2016, 2019 and Subscription Edition: because on-premises Exchange and Exchange Online share a single service principal, an attacker who already has administrative access to an on-premises Exchange server can escalate privileges into the connected Exchange Online tenant without leaving easily detectable or auditable traces.
- Microsoft rates the vulnerability as “Exploitation More Likely” and has published security updates and configuration guidance, although no in-the-wild exploitation has been confirmed.
- CISA issued an urgent alert warning that failure to mitigate the flaw could lead to total compromise of both the hybrid cloud and on-premises domain, and urged organizations to disconnect public-facing Exchange and SharePoint servers that have reached end of life.
- Recommended mitigations: install the April 2025 hotfix update (or a later update that includes it), move the hybrid configuration to Microsoft’s dedicated Exchange hybrid app, and reset the shared service principal’s credentials (its keyCredentials) so the on-premises certificate can no longer authenticate as Exchange Online.
- Beginning later this month, Microsoft will temporarily block Exchange Web Services (EWS) traffic that authenticates with the shared service principal, as the first phase of a plan to enforce adoption of the dedicated hybrid app; permanent blocks are planned for October.
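One concrete check a hybrid admin can run after the mitigations above is to confirm that no on-premises certificate credentials remain on the shared first-party “Office 365 Exchange Online” service principal, since those credentials are what the escalation path relies on. The script below is an added example and is not code from the article or from Microsoft. It assumes the Microsoft.Graph PowerShell module is installed, the signed-in account holds the Application.Read.All Graph permission, and that the well-known appId `00000002-0000-0ff1-ce00-000000000000` identifies the Exchange Online first-party application in the tenant; the remediation command shown in the trailing comment names Microsoft’s `ConfigureExchangeHybridApplication.ps1` script and its `-ResetFirstPartyServicePrincipalKeyCredentials` switch as an assumption to be verified against the current version of Microsoft’s guidance before use.

```powershell
#Requires -Modules Microsoft.Graph.Applications

# Added example (not from the article or from Microsoft): lists any keyCredentials still
# attached to the shared Exchange Online service principal in a hybrid tenant.
# Assumption: this well-known appId is the first-party "Office 365 Exchange Online" app.
$ExchangeOnlineAppId = '00000002-0000-0ff1-ce00-000000000000'

function Get-SharedServicePrincipalKeyCredentials {
    [CmdletBinding()]
    param([string]$AppId = $ExchangeOnlineAppId)

    # Only the keyCredentials collection is needed; request it explicitly.
    $sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'" `
                                 -Property 'id,displayName,appId,keyCredentials'
    if (-not $sp) {
        throw "Service principal for appId $AppId was not found in this tenant."
    }

    $nowUtc = (Get-Date).ToUniversalTime()
    foreach ($kc in $sp.KeyCredentials) {
        [pscustomobject]@{
            ServicePrincipal = $sp.DisplayName
            KeyId            = $kc.KeyId
            DisplayName      = $kc.DisplayName
            Usage            = $kc.Usage      # 'Verify' for certificates used to validate tokens
            Type             = $kc.Type       # e.g. 'AsymmetricX509Cert'
            StartDateTime    = $kc.StartDateTime
            EndDateTime      = $kc.EndDateTime
            # An expired credential is still worth removing; an unexpired one is actionable now.
            Expired          = ($kc.EndDateTime -lt $nowUtc)
        }
    }
}

Connect-MgGraph -Scopes 'Application.Read.All' -NoWelcome
$creds = @(Get-SharedServicePrincipalKeyCredentials)

if ($creds.Count -eq 0) {
    Write-Host 'No keyCredentials on the shared Exchange Online service principal; nothing to reset.'
}
else {
    Write-Warning "$($creds.Count) keyCredential(s) still present on the shared service principal."
    $creds | Format-Table KeyId, DisplayName, Usage, StartDateTime, EndDateTime, Expired -AutoSize
    # Remediation (assumed script name and switch, verify against current Microsoft guidance),
    # run from the Exchange Management Shell on a server carrying the April 2025 HU
    # once the dedicated hybrid app is in place:
    #   .\ConfigureExchangeHybridApplication.ps1 -ResetFirstPartyServicePrincipalKeyCredentials
}
```

Run the check once before the reset to record what is present, and again afterwards: an empty result is the state the mitigation is meant to reach, because with no keyCredentials on the shared service principal an on-premises certificate can no longer mint tokens that Exchange Online accepts as its own identity.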