- Microsoft sounded the alarm on a hybrid Exchange flaw in early August 2025
- However, nearly 30,000 instances remain vulnerable
- Microsoft has advised users on how to defend their endpoints, so patch now
Almost a week after Microsoft disclosed and patched a dangerous, high-severity flaw in hybrid Exchange deployments, experts have warned that thousands of endpoints remain vulnerable.
The Shadowserver Foundation, a non-profit organization dedicated to strengthening the cyber security community, claims that 29,000 Exchange servers remain unpatched and exposed online, basically inviting threat actors to break in and cause problems.
The situation could be even worse, because activity originating from on-premises Exchange does not always generate logs associated with malicious behavior in Microsoft 365, so cyberattacks may go undetected by cloud-based auditing.
Escalating privileges
Microsoft has urged customers to be on high alert for an “improper authentication flaw” that could allow threat actors with administrator access to an on-premises Exchange server to escalate privileges to the connected Exchange Online environment, due to trust flaws in shared service principal configurations.
Of the affected servers, 7,200 are located in the United States, 6,700 are in Germany, and about 2,500 are in Russia.
A hybrid Microsoft Exchange deployment combines on-premises Exchange servers with Exchange Online in Microsoft 365 so they can work together as one system. It allows organizations to support seamless email, calendar and contact sharing across both environments.
“In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving an easily detectable and auditable trace,” Microsoft said. Both Exchange Server 2016 and Exchange Server 2019 are affected, as is the Microsoft Exchange Server Subscription Edition.
Although there is no sign of exploitation in the wild, Microsoft has called on its customers to apply the April 2025 hotfixes, transition to the dedicated Exchange hybrid app, and reset the shared service principal’s credentials to mitigate the risk.
Via BleepingComputer



