[SECURITY-L] Fwd: Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
CSIRT Unicamp
security em unicamp.br
Thursday August 7 08:46:55 -03 2025
Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786)
in Hybrid Exchange Deployments
<https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments?utm_source=MSFTHybrid&utm_medium=GovDelivery>
08/06/2025 8:30 PM EDT
Note: This Alert may be updated to reflect new guidance issued by CISA or other parties.
CISA is aware of the newly disclosed high-severity vulnerability,
CVE-2025-53786 <https://www.cve.org/CVERecord?id=CVE-2025-53786>, that
allows a cyber threat actor with administrative access to an on-premise
Microsoft Exchange server to escalate privileges by exploiting vulnerable
hybrid-joined configurations. This vulnerability, if not addressed, could
impact the identity integrity of an organization’s Exchange Online service.
While Microsoft has stated there is no observed exploitation as of the time
of this alert’s publication, CISA strongly urges organizations to implement
Microsoft’s Exchange Server Hybrid Deployment Elevation of Privilege
Vulnerability
<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786>
guidance outlined below, or risk leaving the organization vulnerable to a
hybrid cloud and on-premises total domain compromise.
1. If using Exchange hybrid, review Microsoft’s guidance Exchange Server Security Changes for Hybrid Deployments <https://techcommunity.microsoft.com/blog/exchange/exchange-server-security-changes-for-hybrid-deployments/4396833> to determine if your Microsoft hybrid deployments are potentially affected and available for a Cumulative Update (CU).
2. Install Microsoft’s April 2025 Exchange Server Hotfix Updates <https://techcommunity.microsoft.com/blog/exchange/released-april-2025-exchange-server-hotfix-updates/4402471> on the on-premise Exchange server and follow Microsoft’s configuration instructions Deploy dedicated Exchange hybrid app <https://learn.microsoft.com/en-us/Exchange/hybrid-deployment/deploy-dedicated-hybrid-app>.
3. For organizations using Exchange hybrid (or that have previously configured Exchange hybrid but no longer use it), review Microsoft’s Service Principal Clean-Up Mode <https://learn.microsoft.com/en-us/Exchange/hybrid-deployment/deploy-dedicated-hybrid-app#service-principal-clean-up-mode> for guidance on resetting the service principal’s keyCredentials.
4. Upon completion, run the Microsoft Exchange Health Checker <https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/> to determine if further steps are required.
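The following PowerShell script is an added example for verifying steps 2 and 3 above; it is not part of the CISA alert and is not Microsoft's tooling. It assumes it is run from the Exchange Management Shell on an on-premises Exchange server, that the Microsoft.Graph PowerShell module is installed, and that the signed-in account can consent to the Application.Read.All scope. The minimum build number is a placeholder to be replaced with the April 2025 Hotfix Update build for your Cumulative Update from Microsoft's release notes; the application ID used is the well-known Office 365 Exchange Online first-party app ID, whose service principal the legacy hybrid configuration shares credentials with.

```powershell
# Added verification script; not part of the CISA alert or of Microsoft's tooling.
# Assumptions: run from the Exchange Management Shell on an on-premises server,
# with the Microsoft.Graph PowerShell module installed and an account that can
# consent to Application.Read.All.

# PLACEHOLDER: set this to the build number of the April 2025 Hotfix Update for
# your Cumulative Update, taken from Microsoft's release notes linked above.
$MinimumPatchedBuild = [version]'0.0.0.0'

# Well-known application ID of the Office 365 Exchange Online first-party app.
# The legacy hybrid configuration placed a certificate on this service principal;
# the dedicated hybrid app and Service Principal Clean-Up Mode move away from it.
$ExchangeOnlineAppId = '00000002-0000-0ff1-ce00-000000000000'

function Get-ExchangeBuildReport {
    # Step 2 check: compare every server's build against the required minimum.
    param([Parameter(Mandatory)][version]$MinimumBuild)

    Get-ExchangeServer | ForEach-Object {
        $v = $_.AdminDisplayVersion
        $build = [version]('{0}.{1}.{2}.{3}' -f $v.Major, $v.Minor, $v.Build, $v.Revision)
        [pscustomobject]@{
            Server  = $_.Name
            Build   = $build
            Patched = ($build -ge $MinimumBuild)
        }
    }
}

function Get-HybridServicePrincipalKeys {
    # Step 3 check: list keyCredentials still present on the shared service principal.
    param([Parameter(Mandatory)][string]$AppId)

    Connect-MgGraph -Scopes 'Application.Read.All' | Out-Null
    $sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
    if (-not $sp) {
        Write-Warning "No service principal found for appId $AppId in this tenant."
        return
    }
    # Each remaining keyCredential is a certificate Exchange Online would still
    # accept for this app; after clean-up mode, anything listed here deserves review.
    foreach ($k in $sp.KeyCredentials) {
        [pscustomobject]@{
            AppDisplayName = $sp.DisplayName
            KeyId          = $k.KeyId
            KeyName        = $k.DisplayName
            Type           = $k.Type
            NotBefore      = $k.StartDateTime
            NotAfter       = $k.EndDateTime
        }
    }
}

# Report servers that are still below the required build.
$buildReport = Get-ExchangeBuildReport -MinimumBuild $MinimumPatchedBuild
$buildReport | Format-Table -AutoSize
$unpatched = $buildReport | Where-Object { -not $_.Patched }
if ($unpatched) {
    Write-Warning ('Servers below the required build: ' + ($unpatched.Server -join ', '))
}

# Report what still sits on the Exchange Online service principal.
$keys = @(Get-HybridServicePrincipalKeys -AppId $ExchangeOnlineAppId)
if ($keys.Count -eq 0) {
    Write-Host 'No keyCredentials remain on the Exchange Online service principal.'
} else {
    $keys | Format-Table -AutoSize
}
```

The build comparison assumes all servers run the same Exchange version and CU; in a mixed 2016/2019 environment, run Get-ExchangeBuildReport once per version with that version's own hotfix build. The Graph query only reads the service principal, so it can be re-run after the Hybrid Configuration Wizard's clean-up mode to confirm the reset took effect before moving on to the Health Checker in step 4.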
CISA highly recommends entities disconnect public-facing versions of
Exchange Server or SharePoint Server that have reached their end-of-life
(EOL) or end-of-service from the internet. For example, SharePoint Server
2013 and earlier versions are EOL and should be discontinued if still in
use.
Organizations should review Microsoft’s blog Dedicated Hybrid App:
temporary enforcements, new HCW and possible hybrid functionality
disruptions
<https://techcommunity.microsoft.com/blog/exchange/dedicated-hybrid-app-temporary-enforcements-new-hcw-and-possible-hybrid-function/4440682>
for additional guidance as it becomes available.
Computer Security Incident Response Team - CSIRT
Diretoria Executiva de Tecnologia da Informação e Comunicação - DETIC
Universidade Estadual de Campinas - Unicamp
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830