Date: 2025-08-07

Vulnerable hybrid-joined configurations could be abused by threat actors for privilege escalation, according to a CISA alert, which urged the immediate application of Microsoft's April 2025 Exchange Service hotfixes and the disconnection from the internet of end-of-life Exchange Server and SharePoint Server instances, despite the lack of evidence suggesting active exploitation. Meanwhile, Microsoft has called on organizations to use its new Exchange Hybrid app, which enables improved management of cloud and on-premises instances, as it considers prohibiting Exchange Web Services traffic in the shared service principal for the time being. "All organizations are strongly encouraged to implement Microsoft guidance to reduce risk," said Acting CISA Executive Assistant Director for Cybersecurity Chris Butera.
Total system compromise possible with new Microsoft Exchange flaw
The Cybersecurity and Infrastructure Security Agency and Microsoft have warned organizations about the high-severity Microsoft Exchange vulnerability tracked as CVE-2025-53786, which could allow attackers to move from on-premises to cloud instances of the software to facilitate complete system compromise, reports Cybersecurity Dive.
