Particle.news
Download on the App Store
17 ARTICLES
·
2h ago

Microsoft Issues August Patches for Exchange Hybrid Flaw as Thousands Remain Exposed

Organizations must apply August updates alongside credential rotations to block on-premise breaches from spreading into cloud environments.

Image
Over 29,000 Microsoft Exchange Servers Unpatched Leaving Networks at Risk
Image
Patch Tuesday: Microsoft Fixes 107 Vulnerabilities, Including 13 RCE Flaws

Overview

  • Microsoft’s August Patch Tuesday release addresses more than 100 vulnerabilities, including CVE-2025-53786 for Exchange hybrid deployments and a publicly disclosed Windows Kerberos zero-day (CVE-2025-53779).
  • CISA’s Aug. 11 Emergency Directive deadline for federal agencies to remediate the Exchange hybrid vulnerability has passed despite Shadowserver scans showing about 29,000 servers unpatched just before the cutoff.
  • Microsoft and CISA report no confirmed in-the-wild exploitation of the Exchange hybrid flaw so far, but security researchers warn reliable exploit code could be developed soon.
  • Microsoft advises that patching alone is insufficient and recommends deploying a dedicated hybrid app, rotating shared service principal credentials and disconnecting unsupported servers.
  • Recent on-premises SharePoint attacks leveraging zero-day chains highlight the risk of post-compromise vulnerabilities enabling stealthy cloud takeovers.