Forwarded by Taiwan Computer Network Crisis and Coordination Center (TWCERTCC-200-202508-00000004)

[Description]
Microsoft has released a critical security vulnerability advisory (CVE-2025-53786, CVSS: 8.0) for its Exchange Server product. This vulnerability allows an attacker with administrator privileges to escalate privileges in a hybrid cloud-on-premises deployment. Currently, log monitoring tools in cloud environments cannot record malicious activity related to this vulnerability.

A proof-of-concept (PoC) for this vulnerability was recently demonstrated publicly at the Black Hat conference in the United States, potentially facilitating subsequent exploitation by attackers. Microsoft has released security updates and provided temporary mitigation measures. It is recommended that temporary mitigation measures be implemented as soon as possible to prevent potential attacks targeting this vulnerability.

[Affected Platforms]
● Microsoft Exchange Server Subscription Edition RTM versions 15.02.0.0 to 15.02.2562.017
● Microsoft Exchange Server 2016 Cumulative Update 23 versions 15.01.0 to 15.01.2507.055
● Microsoft Exchange Server 2019 Cumulative Update 14 versions 15.02.0.0 to 15.02.1544.025
● Microsoft Exchange Server 2019 Cumulative Update 15 versions 15.02.0 to 15.02.1748.024

[Recommended Action]
Patch according to the workaround released on the official website:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786

[References]
1 https://www.twcert.org.tw/tw/cp-169-10316-60f9c-1.html