- Microsoft finds a high-severity flaw in hybrid Exchange deployments
- Both Exchange Server 2016 and Exchange Server 2019 are affected, as is Microsoft Exchange Server Subscription Edition
- A hotfix is available, so users need to update now
Microsoft has called on its customers to be on high alert after discovering a dangerous vulnerability in hybrid Exchange installations.
Microsoft describes the problem as an "improper authentication" flaw, tracked as CVE-2025-53786 with a severity score of 8.0/10 (high). Threat actors who already hold administrator access to an on-premises Exchange server can use the vulnerability to escalate privileges into the connected Exchange Online environment, because of trust weaknesses in the shared service principal configuration.
Matters could be even worse, since activity originating from on-premises Exchange does not always generate the logs in Microsoft 365 that would normally be associated with malicious behavior, so cyberattacks may not be discovered through cloud-based auditing.
“Publicly available Business Information”
A hybrid Microsoft Exchange deployment combines on-premises Exchange servers with Exchange Online in Microsoft 365 so that they work together as one system. It allows organizations to support seamless email, calendar and contact sharing across both environments.
"In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server can potentially escalate privileges within the organization's connected cloud environment without leaving easily detectable and auditable traces," Microsoft said.
Both Exchange Server 2016 and Exchange Server 2019 are affected, as is Microsoft Exchange Server Subscription Edition.
Although there is no sign of exploitation in the wild, Microsoft has called on its customers to apply the April 2025 hotfixes, transition to the dedicated Exchange Hybrid app and reset the shared service principal's credentials to mitigate the risk.
At the same time, the US Cybersecurity and Infrastructure Security Agency (CISA) also issued an advisory calling on IT teams to review the hotfix, review Microsoft's service principal guidance and then run the Microsoft Exchange Health Checker.
Failing to do this could result in "hybrid cloud and on-premises total domain compromise," CISA warned.
Via Bleeping computer