<div dir="ltr"><div class="gmail_quote gmail_quote_container">
<div>
<table width="700" border="0" cellspacing="0" cellpadding="0" align="center">
<tbody><tr>
<td>
<a name="m_4471078783392165702_gd_top" id="m_4471078783392165702gd_top"></a>
<div style="margin-bottom:2em">
<div style="font-weight:bold;font-size:120%;margin:0 0 0.3em;padding:0"><a href="https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments?utm_source=MSFTHybrid&utm_medium=GovDelivery" rel="noopener" target="_blank">Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments</a></div>
<div style="font-size:90%;font-style:italic;color:#666666;margin:0 0 0.3em;padding:0">08/06/2025 8:30 PM EDT</div>
<div style="margin:0 0 0.3em;padding:0">
<p><b><i>Note:</i></b><i> This Alert may be updated to reflect new guidance issued by CISA or other parties.</i></p>
<p>CISA is aware of the newly disclosed high-severity vulnerability, <a href="https://www.cve.org/CVERecord?id=CVE-2025-53786" target="_blank">CVE-2025-53786</a>, that allows a cyber threat actor with administrative access to an on-premises Microsoft Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. This vulnerability, if not addressed, could impact the identity integrity of an organization’s Exchange Online service.</p>
<p>While Microsoft has stated there is no observed exploitation as of the time of this alert’s publication, CISA strongly urges organizations to implement Microsoft’s <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786" target="_blank">Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability</a> guidance outlined below, or risk leaving the organization vulnerable to a hybrid cloud and on-premises total domain compromise.</p>
<ol>
<li>If using Exchange hybrid, review Microsoft’s guidance <a href="https://techcommunity.microsoft.com/blog/exchange/exchange-server-security-changes-for-hybrid-deployments/4396833" target="_blank">Exchange Server Security Changes for Hybrid Deployments</a> to determine if your Microsoft hybrid deployments are potentially affected and available for a Cumulative Update (CU).</li>
<li>Install Microsoft’s <a href="https://techcommunity.microsoft.com/blog/exchange/released-april-2025-exchange-server-hotfix-updates/4402471" target="_blank">April 2025 Exchange Server Hotfix Updates</a> on the on-premises Exchange server and follow Microsoft’s configuration instructions in <a href="https://learn.microsoft.com/en-us/Exchange/hybrid-deployment/deploy-dedicated-hybrid-app" target="_blank">Deploy dedicated Exchange hybrid app</a>.</li>
<li>For organizations that use Exchange hybrid (or that have previously configured Exchange hybrid but no longer use it), review Microsoft’s <a href="https://learn.microsoft.com/en-us/Exchange/hybrid-deployment/deploy-dedicated-hybrid-app#service-principal-clean-up-mode" rel="noopener" target="_blank">Service Principal Clean-Up Mode</a> for guidance on resetting the service principal’s <font face="courier new,courier">keyCredentials</font>.</li>
<li>Upon completion, run the <a href="https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/" target="_blank">Microsoft Exchange Health Checker</a> to determine if further steps are required.</li>
</ol>
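<p>One way to check the outcome of step 3, as an added example that is not part of the CISA alert or of Microsoft’s guidance: the script reads a Microsoft Graph <font face="courier new,courier">servicePrincipals</font> response saved as JSON and lists every <font face="courier new,courier">keyCredentials</font> entry still attached to the Exchange Online service principal. The appId constant, the function names and the sample data are assumptions made for this illustration, as is the expectation that no entries remain after clean-up; confirm both against Microsoft’s guidance.</p>

```python
import json
import re
from datetime import datetime, timezone

# Well-known appId of the first-party "Office 365 Exchange Online" application.
# It is not stated in the alert: confirm it in your own tenant before relying on it.
EXCHANGE_ONLINE_APP_ID = "00000002-0000-0ff1-ce00-000000000000"

# Constructed sample shaped like a Microsoft Graph /servicePrincipals response.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"id": "11111111-aaaa-4bbb-8ccc-000000000001",
   "appId": "00000002-0000-0ff1-ce00-000000000000",
   "displayName": "Office 365 Exchange Online",
   "keyCredentials": [
     {"keyId": "22222222-aaaa-4bbb-8ccc-000000000001", "displayName": "CN=constructed-hybrid-cert",
      "type": "AsymmetricX509Cert", "usage": "Verify",
      "startDateTime": "2024-03-01T00:00:00Z", "endDateTime": "2029-03-01T00:00:00Z"},
     {"keyId": "22222222-aaaa-4bbb-8ccc-000000000002", "displayName": "CN=constructed-old-cert",
      "type": "AsymmetricX509Cert", "usage": "Verify",
      "startDateTime": "2019-05-01T00:00:00.0000000Z", "endDateTime": "2024-05-01T00:00:00.0000000Z"}]},
  {"id": "11111111-aaaa-4bbb-8ccc-000000000002",
   "appId": "33333333-aaaa-4bbb-8ccc-000000000001",
   "displayName": "constructed-unrelated-app",
   "keyCredentials": []}
]}
""")

def parse_graph_time(value):
    """Parse a Graph ISO 8601 UTC timestamp, ignoring fractional seconds."""
    trimmed = re.sub(r"\.\d+", "", value).replace("Z", "+00:00")
    return datetime.fromisoformat(trimmed)

def remaining_key_credentials(response, now):
    """List every keyCredential still attached to the Exchange Online principal."""
    findings = []
    for sp in response.get("value", []):
        if sp.get("appId") != EXCHANGE_ONLINE_APP_ID:
            continue  # only the shared Exchange Online principal is in scope
        for cred in sp.get("keyCredentials") or []:
            expired = parse_graph_time(cred["endDateTime"]) <= now
            findings.append({"servicePrincipalId": sp["id"], "keyId": cred["keyId"],
                             "displayName": cred.get("displayName"),
                             "state": "expired" if expired else "active"})
    return findings

if __name__ == "__main__":
    for f in remaining_key_credentials(SAMPLE_RESPONSE, datetime.now(timezone.utc)):
        print(f"{f['state']:8} {f['keyId']}  {f['displayName']}")
```

<p>An entry reported as active is a credential that can still authenticate as the service principal; an expired entry cannot, but it is still listed so that it can be removed.</p>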
<p>CISA highly recommends entities disconnect public-facing versions of Exchange Server or SharePoint Server that have reached their end-of-life (EOL) or end-of-service from the internet. For example, SharePoint Server 2013 and earlier versions are EOL and should be discontinued if still in use. </p>
<p>Organizations should review Microsoft’s blog <a href="https://techcommunity.microsoft.com/blog/exchange/dedicated-hybrid-app-temporary-enforcements-new-hcw-and-possible-hybrid-function/4440682" target="_blank">Dedicated Hybrid App: temporary enforcements<span>, new HCW and possible hybrid functionality disruptions</span></a> for additional guidance as it becomes available.</p><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><div style="color:rgb(34,34,34)">Computer Security Incident Response Team - CSIRT</div><div style="color:rgb(34,34,34)">Diretoria Executiva de Tecnologia da Informação e Comunicação - DETIC</div><div style="color:rgb(34,34,34)">Universidade Estadual de Campinas - Unicamp</div><div style="color:rgb(34,34,34)">GnuPG Public Key: <a href="http://www.security.unicamp.br/security.asc" style="color:rgb(17,85,204)" target="_blank">http://www.security.unicamp.br/security.asc</a></div><div style="color:rgb(34,34,34)">Contact: +55 19 3521-2289 or INOC-DBA: 1251*830</div></div></div></div></div></div><div id="m_4471078783392165702mail_footer">
</div>
</td>
</tr>
</tbody></table>
</div>
</div></div>