Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)

Source: Help Net Security

Author: Zeljka Zorz

URL: https://www.helpnetsecurity.com/2025/08/07/exchange-hybrid-deployment-vulnerability-cve-2025-53786/

ONE SENTENCE SUMMARY:

Microsoft highlights a privilege escalation vulnerability in Exchange hybrid deployments, urging transition to dedicated apps for enhanced security.

MAIN POINTS:

1. Attackers can exploit CVE-2025-53786 in Exchange hybrid setups to escalate privileges.
2. Vulnerability arises from shared service principal in Exchange Server and Exchange Online.
3. Microsoft plans to block Exchange Web Services to promote dedicated hybrid app adoption.
4. Dedicated app and Graph API transition planned for greater security.
5. Hotfix updates are available for Exchange Server versions to support dedicated hybrid apps.
6. By October 2025, shared service principals in Exchange hybrids will be permanently blocked.
7. CISA advises following guidelines and using Health Checker for additional security.
8. Public-facing, outdated Exchange servers should be disconnected from the internet.
9. End of extended support for Exchange 2016 and 2019 is October 14, 2025.
10. Microsoft encourages patching and upgrading for better security against Exchange server attacks.

TAKEAWAYS:

1. Transition to dedicated Exchange hybrid apps is crucial for security.
2. October 2025 marks the end for shared service principal usage.
3. Organizations should run Microsoft’s Health Checker for configuration checks.
4. Discontinue outdated, unsupported Exchange and SharePoint servers.
5. Regular patching and upgrading bolster defenses against attacks.