Skip to main content
close search
site logo

CISA, Microsoft update guidance on Exchange Server vulnerability

Officials reiterated their belief that hackers were not exploiting the flaw, but nonetheless urged users to immediately check their systems.

Published Aug. 13, 2025
David Jones's headshot
Reporter
Microsoft building with logo
Microsoft updated guidance on Aug. 12, 2025, on a high-severity vulnerability in on-premises Exchange Server. HJBC via Getty Images

The Cybersecurity and Infrastructure Security Agency (CISA) and Microsoft on Tuesday updated their mitigation guidance for a high-severity flaw in Exchange Server.

The flaw, tracked as CVE-2025-53786, could allow an attacker with administrative privileges for on-premises versions of Exchange to escalate privileges by exploiting vulnerable hybrid joined configurations, Microsoft and CISA said last week

In an update on Tuesday, CISA said it still saw no evidence of hackers exploiting the flaw, but it urged organizations to review Microsoft’s updated guidance on identifying Exchange Servers on a network and running the Microsoft Exchange Health Checker. 

In its updated security bulletin, Microsoft said an attacker could potentially escalate privileges from an on-premises server to a connected cloud environment without leaving an “easily detectable and auditable trace.”

Last week, the company urged users of on-premises Exchange servers to download its April 2025 Exchange Server hotfix updates. It also recommended that customers disconnect any internet-connected Exchange or SharePoint servers that have reached end-of-life status. 

“An attacker would need to have obtained a highly privileged role to an on-premises server to attempt this exploitation,” a Microsoft spokesperson told Cybersecurity Dive on Tuesday. “We are deploying mitigations to protect against these risks while following an extensive process involving a thorough investigation, updated developments across all affected versions, and compatibility testing, to ensure maximized customer protection with minimized operational disruption.”

Editors' picks

Company Announcements

View all | Post a press release
Ontic and 360 Privacy Join Forces to Expand Executive Protection with Embedded Digital Privacy…
From 360 Privacy
August 13, 2025
360 Privacy logo
Operant Networks Launches Secure AI Sandbox for MCP, Solving the AI POC-to-Production Gap
From Operant Networks
August 11, 2025
Operant Networks logo
Supporting FIPS and CJIS For Secure IT Support: BeyondTrust Remote Support Remains Compliance-…
From BeyondTrust
July 30, 2025
BeyondTrust logo
Vendict Raises $10M to Reinvent Compliance
From NY Tech's Cyber Division
August 05, 2025
Editors' picks
Latest in Strategy
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.