
Unpatched Microsoft Exchange Vulnerability Persists in 29,000 Servers

Approximately 29,000 Microsoft Exchange servers remain unprotected against a flaw that, if exploited, could let attackers take control of entire domains.

Around 29,000 Microsoft Exchange servers remain unpatched.


Urgent Action Required: Thousands of Vulnerable Exchange Servers Ahead of Government Deadline

A critical vulnerability in Microsoft Exchange Server, tracked as CVE-2025-53786, has been discovered and could pose a significant risk if not addressed promptly. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 25-02, ordering all Federal Civilian Executive Branch agencies to mitigate the flaw by 9:00am EDT on August 11.

This vulnerability allows attackers with administrative access to on-premises Exchange servers to escalate privileges in connected Microsoft 365 environments. Threat monitoring group Shadowserver has found 29,098 vulnerable servers worldwide, with the countries most affected being the US, China, and Germany.

To address the issue, agencies must apply the latest cumulative updates (CU14 or CU15 for Exchange 2019, CU23 for Exchange 2016) and the April 2025 hotfix. Microsoft disclosed the flaw last week and has issued a hotfix under its Secure Future Initiative. The update replaces the insecure shared identity model used between on-premises and cloud Exchange services with a dedicated hybrid application in Microsoft Entra ID.

CISA urges all organisations to inventory their Exchange environments using Microsoft's Health Checker script. Elad Luz, head of research at Oasis Security, recommends implementing modern identity management practices, strong governance, and proactive security controls to reduce risks associated with non-human identities. James Maude, field CTO at BeyondTrust, explains that having visibility of the true privilege of all identities, human and non-human, is of ever-increasing importance as NHIs, including AI, rapidly outpace human identities in scale and privilege.

With thousands of servers still exposed just hours before the government's deadline, there is a risk that the flaw could be quickly weaponised if patching and security measures are delayed. It is crucial for organisations to take immediate action to protect their Exchange servers and associated Microsoft 365 environments.
