Threat actors could still compromise 29,098 Microsoft Exchange Server instances impacted by the critical hybrid vulnerability, tracked as CVE-2025-53786, by Sunday, despite a Thursday alert from the Cybersecurity and Infrastructure Security Agency ordering the immediate remediation of the security issue, according to SiliconANGLE.
Most of the Exchange servers exposed to the flaw were in the U.S., which accounted for almost a quarter of all unpatched instances, followed by Germany and Russia, reported the Shadowserver Foundation. While all federal agencies were previously urged by CISA to not only implement issued patches and disconnect obsolete servers but also leverage Microsoft's Health Checker Script for Exchange environment inventory, other organizations should also follow suit, said Black Duck Software Infrastructure Security Practice Director Thomas Richards. "Patching the server is not enough and since it is difficult to detect compromise, Microsoft has provided actions for teams to take to make sure any compromised trust tokens are rotated. This is essential for teams to follow for a full remediation and to ensure uncompromised trust in software," Richards added.
Most of the Exchange servers exposed to the flaw were in the U.S., which accounted for almost a quarter of all unpatched instances, followed by Germany and Russia, reported the Shadowserver Foundation. While all federal agencies were previously urged by CISA to not only implement issued patches and disconnect obsolete servers but also leverage Microsoft's Health Checker Script for Exchange environment inventory, other organizations should also follow suit, said Black Duck Software Infrastructure Security Practice Director Thomas Richards. "Patching the server is not enough and since it is difficult to detect compromise, Microsoft has provided actions for teams to take to make sure any compromised trust tokens are rotated. This is essential for teams to follow for a full remediation and to ensure uncompromised trust in software," Richards added.
