- Microsoft sounded the alarm on a hybrid Exchange bug in early August 2025
- However, nearly 30,000 instances remain vulnerable
- Microsoft advised users how to defend their endpoints, so patch now
Almost a week after Microsoft disclosed and patched a dangerous, high-severity flaw in hybrid Exchange deployments, experts have warned that thousands of instances remain vulnerable.
The Shadowserver Foundation, a non-profit organization dedicated to empowering the cybersecurity community, says that 29,000 Exchange servers remain unpatched and exposed online, essentially inviting threat actors to break in and cause problems.
Things could be even worse, because on-premises Exchange activity does not always generate logs associated with malicious behavior in Microsoft 365, which could leave cyberattacks undetected by cloud-based auditing.
Privilege escalation
Microsoft has urged customers to be on high alert for an “improper authentication bug”, which could allow threat actors with administrative access to an on-premises Exchange server to escalate privileges in the connected Exchange Online environment due to trust flaws in shared service principal configurations.
Among the affected servers, 7,200 are located in the United States, 6,700 are in Germany and around 2,500 are in Russia.
A hybrid deployment of Microsoft Exchange combines on-premises Exchange servers with Exchange Online in Microsoft 365, allowing them to work together as a single system. It lets organizations handle email, calendar and contact sharing seamlessly across both environments.
“In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization's connected cloud environment without leaving an easily detectable and auditable trace,” said Microsoft. Exchange Server 2016 and Exchange Server 2019 are affected, as is Microsoft Exchange Server Subscription Edition.
Even though there is not yet evidence of abuse in the wild, Microsoft has urged its customers to apply the April 2025 hotfixes, move to the dedicated Exchange hybrid app, and reset the shared service principal's credentials to mitigate the risk.
Via BleepingComputer