CISA orders fed agencies to patch new Exchange flaw by Monday

CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by Monday morning at 9:00 AM ET.

Federal Civilian Executive Branch (FCEB) agencies are non-military agencies within the US executive branch, including the Department of Homeland Security, Department of the Treasury, Department of Energy, and Department of Health and Human Services.

The flaw tracked as CVE-2025-53786 allows attackers who gain administrative access to on-premises Exchange servers to move laterally into Microsoft cloud environments, potentially leading to complete domain compromise.

The vulnerability impacts Microsoft Exchange Server 2016, 2019, and the Subscription Edition.

In hybrid deployments, Exchange Online and on-premises Exchange servers share a single service principal, a trust relationship that both sides use to authenticate to each other.

An attacker with admin privileges on an on-premises Exchange server can potentially forge or manipulate trusted tokens or API calls that the cloud side will accept as legitimate. This lets the attacker pivot from the local network into the organization's cloud environment, potentially compromising its entire Active Directory and infrastructure.

To make matters worse, Microsoft says cloud-side audit logging such as Microsoft Purview may not record malicious actions that originate from on-premises Exchange, making exploitation hard to detect.

The disclosure follows guidance and an Exchange Server hotfix that Microsoft released in April 2025, as part of its Secure Future Initiative, to support a new architecture that uses a dedicated hybrid application instead of the shared service principal.
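The two checks an Exchange administrator would want after reading the mechanism above (the shared service principal) and the April 2025 change (a dedicated hybrid application) are whether a given on-premises server is hybrid at all, and whether the tenant's shared Exchange Online service principal still carries credentials that an on-premises server could use. The PowerShell below is an added example, not code from the article or from Microsoft's guidance. It assumes the Exchange Management Shell on the on-premises server, the Microsoft.Graph PowerShell module with Application.Read.All, and that the shared trust is expressed as keyCredentials on the well-known Exchange Online first-party service principal (appId 00000002-0000-0ff1-ce00-000000000000); the function name and the thumbprint comparison are this example's own.

```powershell
# Added example (not from the article or Microsoft). Run the first part in the
# Exchange Management Shell on an on-premises server, the second part from any
# host with the Microsoft.Graph module installed.

function Get-SharedExchangeTrust {
    [CmdletBinding()]
    param()

    # --- On-premises side: inventory servers and confirm hybrid is configured ---
    $servers = Get-ExchangeServer | Select-Object Name, Edition, AdminDisplayVersion
    Write-Host "On-premises Exchange servers:"
    $servers | Format-Table -AutoSize | Out-String | Write-Host

    $hybrid = Get-HybridConfiguration -ErrorAction SilentlyContinue
    if ($null -eq $hybrid) {
        Write-Host "No hybrid configuration object found; this org is not hybrid."
        return $null
    }

    # Thumbprint of the on-premises OAuth (auth) certificate. Assumption: this is
    # the certificate whose public key the hybrid setup registered in the tenant.
    $authThumb = (Get-AuthConfig).CurrentCertificateThumbprint
    Write-Host "On-premises auth certificate thumbprint: $authThumb"

    # --- Cloud side: inspect the shared Exchange Online service principal -------
    Connect-MgGraph -Scopes "Application.Read.All" -NoWelcome
    $exoAppId = "00000002-0000-0ff1-ce00-000000000000"   # well-known Exchange Online appId
    $sp = Get-MgServicePrincipal -Filter "appId eq '$exoAppId'"
    if ($null -eq $sp) {
        Write-Host "Shared Exchange Online service principal not found in tenant."
        return $null
    }

    $findings = foreach ($k in $sp.KeyCredentials) {
        # Assumption: CustomKeyIdentifier holds the certificate's SHA-1 thumbprint
        # bytes, so it can be compared with the on-premises value above.
        $thumb = if ($k.CustomKeyIdentifier) {
            ([System.BitConverter]::ToString($k.CustomKeyIdentifier)) -replace '-', ''
        } else { '' }

        [pscustomobject]@{
            KeyId        = $k.KeyId
            Usage        = $k.Usage
            Type         = $k.Type
            NotAfter     = $k.EndDateTime
            Expired      = ($k.EndDateTime -lt (Get-Date))
            Thumbprint   = $thumb
            MatchesOnPrem = ($thumb -ne '' -and $thumb -ieq $authThumb)
        }
    }

    if (-not $findings) {
        Write-Host "Shared service principal has no keyCredentials: no on-premises trust is registered on it."
    } else {
        Write-Host "Shared service principal still carries keyCredentials (shared trust still in place):"
        $findings | Format-Table -AutoSize | Out-String | Write-Host
    }
    return $findings
}

Get-SharedExchangeTrust
```

Any row with MatchesOnPrem set to True means the on-premises auth certificate is still registered on the shared principal, so a compromised on-premises server can still present that trust to the cloud; rows with Expired set to False and no on-premises match are credentials to account for as well. Moving to the dedicated hybrid application is a separate step that this check does not perform; it only tells you whether the shared trust the article describes is still present.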

Yesterday, security researcher Dirk-Jan Mollema of Outsider Security demonstrated how this shared service principal could be exploited in a post-exploitation attack during a Black Hat presentation.

The researcher told BleepingComputer that he reported the flaw three weeks before the talk to give Microsoft advance warning. In coordination with the presentation, Microsoft assigned CVE-2025-53786 and published guidance on how to mitigate it.
