{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"CVE-2025-53786: The Microsoft Exchange Hybrid Flaw That Could Take Down Your Domain","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/669c29b6\"></iframe>","width":"100%","height":180,"duration":2681,"description":"A critical security flaw, tracked as CVE-2025-53786, is putting tens of thousands of organizations at risk — and U.S. federal agencies are under orders to patch it immediately. This high-severity vulnerability affects Microsoft Exchange Server in hybrid configurations, where on-premises deployments are connected to Microsoft 365 cloud environments. Here’s why security experts are sounding the alarm: if an attacker gains administrative access to an on-premises Exchange server, they can escalate privileges in the connected cloud tenant, potentially achieving total domain compromise. This means unfettered access to Exchange Online, SharePoint, and other linked resources — bypassing Conditional Access rules and leaving minimal logging for detection. Even worse, the forged tokens used in this attack can stay valid for up to 24 hours, making them nearly impossible to revoke once stolen. Microsoft first addressed the issue in April 2025 with a non-security hotfix, urging customers to move from a shared service principal to a dedicated Exchange hybrid application in Entra ID. This architectural change eliminates the insecure trust relationship at the heart of the vulnerability. However, many organizations still haven’t applied the fix — as of August 10, over 29,000 Exchange servers remain unpatched worldwide, including more than 7,200 in the U.S. The urgency is so high that on August 7, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-02, mandating that all U.S. federal agencies patch by August 11, 2025. The directive lays out strict steps: update Exchange to the latest Cumulative Update, apply the April hotfix, configure the dedicated hybrid app, and clean up legacy credentials. No exceptions are being granted. To enforce adoption, Microsoft will begin temporary service disruptions for organizations still using the shared service principal — starting with two-day blocks in August, then longer outages in September and October, before...","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}