All Federal Civilian Executive Branch agencies have been ordered by the Cybersecurity and Infrastructure Security Agency to address the high-severity on-premises Microsoft Exchange flaw, tracked as CVE-2025-53786, by Monday morning, reports BleepingComputer.
FCEB agencies must also report to CISA by the end of the day on how they remediated the vulnerability, which could be leveraged for lateral movement from on-premises Exchange into the connected cloud environment and result in total domain compromise. CISA also called on all other organizations to apply the mitigations to prevent hybrid-environment breaches.

Exchange Server customers that already implemented Microsoft's April hotfix and guidance are no longer exposed to attacks involving the bug. All remaining vulnerable instances should have the hotfix and the latest cumulative updates installed and then run Microsoft's ConfigureExchangeHybridApplication.ps1 PowerShell script, since the hotfix on its own does not complete the migration.

"Only applying the hotfix is not sufficient in this case, there are manual follow-up actions required to migrate to a dedicated service principal. The urgency from a security point of view depends on how much admins consider isolation between on-prem Exchange resources and cloud-hosted resources important," said Outsider Security researcher Dirk-Jan Mollema, who detailed the potential exploitation of the flaw at Black Hat USA 2025.
Vulnerability Management, Critical Infrastructure Security, Patch/Configuration Management
CISA: Immediate Microsoft Exchange flaw remediation crucial
