<div dir="ltr"><div><div class="gmail-l-full__header"><div class="gmail-c-page-title"><div class="gmail-c-page-title__inner gmail-l-constrain"><div class="gmail-c-page-title__row"><div class="gmail-c-page-title__content"><div class="gmail-c-page-title__fields">
<div class="gmail-c-field gmail-c-field--name-field-last-updated gmail-c-field--type-datetime gmail-c-field--label-above">
<div class="gmail-c-field__label">Original information: <a href="https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments">https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments</a></div><div class="gmail-c-field__label">Last Revised</div><div class="gmail-c-field__content">August 12, 2025</div></div>
</div>
</div>
</div>
<div class="gmail-c-page-title__decoration"></div>
</div>
</div>
</div>
<div class="gmail-l-full__main">
<div class="gmail-l-page-section gmail-l-page-section--rich-text">
<div class="gmail-l-constrain">
<div class="gmail-l-page-section__content">
<p><strong>Update (08/12/2025):</strong> CISA has updated this
alert to provide clarification on identifying Exchange Servers on an
organization’s networks and provided further guidance on running the
Microsoft Exchange Health Checker.</p>
<p><strong>Update (08/07/2025):</strong> CISA issued <a href="https://www.cisa.gov/news-events/directives/ed-25-02-mitigate-microsoft-exchange-vulnerability" title="ED 25-02: Mitigate Microsoft Exchange Vulnerability">Emergency Directive (ED) 25-02: Mitigate Microsoft Exchange Vulnerability</a> in response to <a href="https://www.cve.org/CVERecord?id=CVE-2025-53786" target="_blank" title="CVE-2025-53786," class="ext"><u>CVE-2025-53786</u></a>.</p></div></div></div></div><div class="gmail-OutlineElement gmail-Ltr gmail-SCXW130632333 gmail-BCX8">
<p>CISA is aware of the newly disclosed high-severity vulnerability, <a href="https://www.cve.org/CVERecord?id=CVE-2025-53786" target="_blank" title="CVE-2025-53786," class="ext"><u>CVE-2025-53786</u></a>, which allows a cyber threat actor who already holds administrative access to an on-premises Microsoft Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations, that is, hybrid deployments that still rely on the shared service principal rather than the dedicated Exchange hybrid app. If not addressed, this vulnerability could compromise the identity integrity of an organization’s Exchange Online service.</p>
</div>
<div class="gmail-OutlineElement gmail-Ltr gmail-SCXW130632333 gmail-BCX8">
<p>While Microsoft has stated there is no observed exploitation as of the time of this alert’s publication, CISA strongly urges organizations to implement Microsoft’s <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786" target="_blank" title="Exchange Server Hybrid deployment Elevation of Privilege Vulnerability," class="ext"><u>Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability</u></a> guidance outlined below, or risk leaving the organization open to a total domain compromise spanning both the on-premises environment and the hybrid cloud tenant.</p>
</div><div class="gmail-ListContainerWrapper gmail-SCXW130632333 gmail-BCX8">
<ol>
<li>Organizations should first inventory all Exchange Servers on their networks, using existing visibility tools or publicly available tools such as Nmap or PowerShell scripts. Include servers that are no longer actively used, since a forgotten hybrid-configured server remains in scope.</li>
<li>If using Exchange hybrid, review Microsoft’s guidance <a href="https://techcommunity.microsoft.com/blog/exchange/exchange-server-security-changes-for-hybrid-deployments/4396833" target="_blank" title="Exchange Server Security Changes for Hybrid Deployments," class="ext"><u>Exchange Server Security Changes for Hybrid Deployments</u></a> to determine whether your hybrid deployment is potentially affected and whether a Cumulative Update (CU) is available for it.</li>
<li>Install Microsoft’s <a href="https://techcommunity.microsoft.com/blog/exchange/released-april-2025-exchange-server-hotfix-updates/4402471" target="_blank" title="April 2025 Exchange Server Hotfix Updates," class="ext"><u>April 2025 Exchange Server Hotfix Updates</u></a> on the on-premises Exchange server and follow Microsoft’s configuration instructions in <a href="https://learn.microsoft.com/en-us/Exchange/hybrid-deployment/deploy-dedicated-hybrid-app" target="_blank" title="Deploy dedicated Exchange hybrid app," class="ext"><u>Deploy dedicated Exchange hybrid app</u></a>. Installing the hotfix alone is not sufficient; the dedicated hybrid app must also be deployed.</li>
<li>For organizations using Exchange hybrid (or that have previously configured Exchange hybrid but no longer use it), review Microsoft’s <a href="https://learn.microsoft.com/en-us/Exchange/hybrid-deployment/deploy-dedicated-hybrid-app#service-principal-clean-up-mode" target="_blank" title="Microsoft's Service Principal Clean-Up Mode," class="ext">Service Principal Clean-Up Mode</a> for guidance on resetting the service principal’s <code>keyCredentials</code>.</li>
<li>Upon completion, run the <a href="https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/" target="_blank" title="Microsoft Exchange Health Checker," class="ext"><u>Microsoft Exchange Health Checker</u></a> with appropriate permissions to identify the CU level of each Exchange Server identified and to determine whether further steps are required.</li>
</ol></div><div class="gmail-OutlineElement gmail-Ltr gmail-SCXW130632333 gmail-BCX8"><p>CISA highly recommends entities disconnect public-facing versions
of Exchange Server or SharePoint Server that have reached their
end-of-life (EOL) or end-of-service from the internet. For example,
SharePoint Server 2013 and earlier versions are EOL and should be
discontinued if still in use. </p>
</div>
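<p>The following script is an added example for step 1 of the procedure above (the Exchange Server inventory); it is not part of the CISA alert and is not Microsoft’s code. It reads the Exchange server objects that every Mailbox/Client Access server registers in the Active Directory Configuration partition, parses the version string stored in each object’s <code>serialNumber</code> attribute, and flags servers whose build is older than a threshold you supply. It assumes it runs on a domain-joined Windows host as a user who can read the Configuration partition (any authenticated user can, by default). The <code>$MinimumBuild</code> table is a placeholder: its keys identify a CU by build number and its values must be filled in from Microsoft’s April 2025 Hotfix Update post before the status column means anything. Edge Transport servers are not in this partition (they use AD LDS), so complement this with Nmap for hosts that are not domain-registered, and treat the Health Checker (step 5) as the authoritative CU check.</p>

```powershell
<#
 Added example (not from the CISA alert or Microsoft): inventory the Exchange
 Servers registered in Active Directory and flag any below a minimum build.
 Assumptions: domain-joined host; read access to the Configuration partition;
 $MinimumBuild filled in by the operator from the April 2025 HU post.
#>
param(
    # Placeholder thresholds. Key = major.minor.build (identifies the CU),
    # value = lowest revision that carries the April 2025 HU. The zeros here
    # are NOT real values; with them every server on a listed CU reports OK.
    [hashtable]$MinimumBuild = @{
        '15.2.1748' = 0   # Exchange Server 2019 CU15
        '15.2.1544' = 0   # Exchange Server 2019 CU14
        '15.1.2507' = 0   # Exchange Server 2016 CU23
    }
)

function ConvertTo-ExchangeVersion {
    # serialNumber on msExchExchangeServer objects looks like
    # "Version 15.2 (Build 1748.10)"; turn it into a comparable [version].
    param([string]$SerialNumber)
    if ($SerialNumber -match 'Version (\d+)\.(\d+) \(Build (\d+)\.(\d+)\)') {
        return [version]::new([int]$Matches[1], [int]$Matches[2],
                              [int]$Matches[3], [int]$Matches[4])
    }
    return $null
}

function Get-ExchangeServerInventory {
    # Every Mailbox/CAS server lives under CN=Microsoft Exchange,CN=Services
    # in the Configuration NC; Edge Transport servers (AD LDS) are not here.
    $configNc = "$(([ADSI]'LDAP://RootDSE').configurationNamingContext)"
    $root     = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNc"
    $searcher = [System.DirectoryServices.DirectorySearcher]::new(
        $root, '(objectClass=msExchExchangeServer)',
        [string[]]@('name', 'serialNumber', 'networkAddress'))
    $searcher.PageSize = 500
    foreach ($r in $searcher.FindAll()) {
        $p      = $r.Properties
        $serial = [string]($p['serialnumber'] | Select-Object -First 1)
        # networkAddress holds entries such as "ncacn_ip_tcp:ex01.corp.example";
        # that one gives the FQDN to feed into Nmap or the Health Checker.
        $fqdn = ($p['networkaddress'] | Where-Object { $_ -like 'ncacn_ip_tcp:*' } |
                 Select-Object -First 1) -replace '^ncacn_ip_tcp:', ''
        [pscustomobject]@{
            Name    = [string]($p['name'] | Select-Object -First 1)
            Fqdn    = $fqdn
            Serial  = $serial
            Version = ConvertTo-ExchangeVersion $serial
        }
    }
}

function Test-ExchangeBuild {
    # Classify one server's version against the operator-supplied table.
    param([version]$Version, [hashtable]$Minimum)
    if (-not $Version) { return 'UNKNOWN' }
    $cu = '{0}.{1}.{2}' -f $Version.Major, $Version.Minor, $Version.Build
    # A CU not in the table is either older than the listed CUs or an EOL
    # branch (15.0 = Exchange 2013); it needs a CU before any hotfix applies.
    if (-not $Minimum.ContainsKey($cu)) { return 'CU-NOT-IN-TABLE' }
    if ($Version.Revision -lt [int]$Minimum[$cu]) { return 'NEEDS-HOTFIX' }
    return 'OK'
}

Get-ExchangeServerInventory |
    ForEach-Object {
        $_ | Add-Member -NotePropertyName Status `
                        -NotePropertyValue (Test-ExchangeBuild $_.Version $MinimumBuild) `
                        -PassThru
    } |
    Sort-Object Status, Name |
    Format-Table Name, Fqdn, Serial, Status -AutoSize
```

<p>Servers reporting <code>CU-NOT-IN-TABLE</code> need a supported CU before the April 2025 hotfix can be applied; servers reporting <code>NEEDS-HOTFIX</code> are on a supported CU but below the patched revision. Pipe the <code>Fqdn</code> column into the Health Checker for the authoritative result, and scan the network ranges with Nmap to catch any Exchange host that is not registered in this directory partition.</p>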
<div class="gmail-OutlineElement gmail-Ltr gmail-SCXW130632333 gmail-BCX8">
<p>Organizations should review Microsoft’s blog <a href="https://techcommunity.microsoft.com/blog/exchange/dedicated-hybrid-app-temporary-enforcements-new-hcw-and-possible-hybrid-function/4440682" target="_blank" title="Dedicated Hybrid App: temporary enforcements, new HCW and possible hybrid functionality disruptions," class="ext"><u>Dedicated Hybrid App: temporary enforcements, new HCW and possible hybrid functionality disruptions</u></a> for additional guidance as it becomes available.</p>
</div>
<div class="gmail-OutlineElement gmail-Ltr gmail-SCXW130632333 gmail-BCX8">
<p><strong>Disclaimer: </strong> </p>
</div>
<div class="gmail-OutlineElement gmail-Ltr gmail-SCXW130632333 gmail-BCX8">
<p>The information in this report is being provided “as is” for
informational purposes only. CISA does not endorse any commercial
entity, product, company, or service, including any entities, products,
or services linked within this document. Any reference to specific
commercial entities, products, processes, or services by service mark,
trademark, manufacturer, or otherwise, does not constitute or imply
endorsement, recommendation, or favoring by CISA. </p>
</div></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="color:rgb(34,34,34)">Computer Security Incident Response Team - CSIRT</div><div style="color:rgb(34,34,34)">Diretoria Executiva de Tecnologia da Informação e Comunicação - DETIC</div><div style="color:rgb(34,34,34)">Universidade Estadual de Campinas - Unicamp</div><div style="color:rgb(34,34,34)">GnuPG Public Key: <a href="http://www.security.unicamp.br/security.asc" style="color:rgb(17,85,204)" target="_blank">http://www.security.unicamp.br/security.asc</a></div><div style="color:rgb(34,34,34)">Contact: +55 19 3521-2289 or INOC-DBA: 1251*830</div></div></div></div></div>