{"id":21348,"date":"2025-08-11T06:21:26","date_gmt":"2025-08-11T04:21:26","guid":{"rendered":"https:\/\/ig.technology\/?p=21348"},"modified":"2025-08-21T06:22:38","modified_gmt":"2025-08-21T04:22:38","slug":"29k-ips-still-unpatched-as-cisas-deadline-nears-us-and-germany-most-affected","status":"publish","type":"post","link":"https:\/\/ig.technology\/index.php\/2025\/08\/11\/29k-ips-still-unpatched-as-cisas-deadline-nears-us-and-germany-most-affected\/","title":{"rendered":"29K IPs still unpatched as CISA\u2019s deadline nears: US and Germany most affected","gt_translate_keys":[{"key":"rendered","format":"text"}]},"content":{"rendered":"\n\n \n \n \n Thousands of Microsoft Exchange Servers Left Unprotected Amid CISA Deadline<\/title>\n<\/head>\n<body>\n <article>\n <h1>Thousands of Microsoft Exchange Servers Left Unprotected Amid CISA Deadline<\/h1>\n <p><strong>Date:<\/strong> Mid-August 2025<\/p>\n\n <h2>Situation at a Glance<\/h2>\n <p>As of early August 2025, nearly 29,000 Microsoft Exchange servers remained unpatched, mere hours before CISA\u2019s compliance deadline. This security gap exposes organizations to a critical risk of unauthorized privilege escalation, potentially compromising their Microsoft 365 cloud environments.<\/p>\n\n <h2>Vulnerable Servers by Country<\/h2>\n <p>Shadowserver Foundation scans revealed the following exposed servers:<\/p>\n <ul>\n <li>United States: ~7,200<\/li>\n <li>Germany: ~6,700<\/li>\n <li>Russia: ~2,500<\/li>\n <li>Other countries\u2014including the UK, France, Canada, and Austria\u2014each with several hundred vulnerable servers.<\/li>\n <\/ul>\n\n <h2>The Critical Flaw: CVE-2025-53786<\/h2>\n <p>The identified vulnerability, tracked as CVE-2025-53786 and rated high severity, stems from improper authentication in hybrid Exchange configurations. Attackers with administrative access to an on-prem Exchange server could exploit this flaw to escalate privileges into the connected Exchange Online environment, without creating detectable logs in Microsoft 365.<\/p>\n\n <h2>Urgent Mitigation Measures<\/h2>\n <p>Microsoft strongly recommends the following immediate actions:<\/p>\n <ul>\n <li>Apply the April 2025 hotfix for Exchange hybrid deployments.<\/li>\n <li>Migrate to the dedicated Exchange Hybrid app.<\/li>\n <li>Reset credentials associated with the shared service principal.<\/li>\n <li>Use CISA\u2019s tools such as Service Principal Clean-Up Mode and run the Exchange Health Checker for validation.<\/li>\n <\/ul>\n\n <h2>Why This Matters<\/h2>\n <p>Hybrid Exchange setups blend on-premises servers with cloud services. Without patching, attackers exploiting this vulnerability could compromise both environments and go undetected due to gaps in auditing. The widespread exposure\u2014especially in critical regions like the U.S. and Germany\u2014highlights a systemic risk with potentially severe consequences.<\/p>\n\n <h2>Conclusion<\/h2>\n <p>The persistence of tens of thousands of unpatched Exchange servers puts organizations at high risk of serious cyberattacks. Immediate remediation is essential to prevent unauthorized access, privilege escalation, and domain-wide breaches in hybrid Exchange environments.<\/p>\n <\/article>\n<\/body>\n<\/html>\n\n\n\n<a href=\"https:\/\/cybernews.com\/security\/thousands-microsoft-exhange-servers-left-unprotected\/?utm_source=cn_twitter&utm_medium=social&utm_campaign=cybernews&utm_content=tweet&source=cn_twitter&medium=social&campaign=cybernews&content=tweet\">\n <button>Read the Original Article<\/button>\n <\/a>\n\n\n\n<p><\/p>\n","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"excerpt":{"rendered":"<p>Thousands of Microsoft Exchange Servers Left Unprotected Amid CISA Deadline Thousands of Microsoft Exchange Servers Left Unprotected Amid CISA Deadline Date: Mid-August 2025 Situation at a Glance As of early August 2025, nearly 29,000 Microsoft Exchange servers remained unpatched, mere hours before CISA\u2019s compliance deadline. This security gap exposes organizations to a critical risk of unauthorized privilege escalation, potentially compromising their Microsoft 365 cloud environments. Vulnerable Servers by Country Shadowserver Foundation scans revealed the following exposed servers: United States: ~7,200 Germany: ~6,700 Russia: ~2,500 Other countries\u2014including the UK, France, Canada, and Austria\u2014each with several hundred vulnerable servers. The Critical Flaw: CVE-2025-53786 The identified vulnerability, tracked as CVE-2025-53786 and rated high severity, stems from improper authentication in hybrid Exchange configurations. Attackers with administrative access to an on-prem Exchange server could exploit this flaw to escalate privileges into the connected Exchange Online environment, without creating detectable logs in Microsoft 365. Urgent Mitigation Measures Microsoft strongly recommends the following immediate actions: Apply the April 2025 hotfix for Exchange hybrid deployments. Migrate to the dedicated Exchange Hybrid app. Reset credentials associated with the shared service principal. Use CISA\u2019s tools such as Service Principal Clean-Up Mode and run the Exchange Health Checker for validation. Why This Matters Hybrid Exchange setups blend on-premises servers with cloud services. Without patching, attackers exploiting this vulnerability could compromise both environments and go undetected due to gaps in auditing. The widespread exposure\u2014especially in critical regions like the U.S. and Germany\u2014highlights a systemic risk with potentially severe consequences. Conclusion The persistence of tens of thousands of unpatched Exchange servers puts organizations at high risk of serious cyberattacks. Immediate remediation is essential to prevent unauthorized access, privilege escalation, and domain-wide breaches in hybrid Exchange environments. Read the Original Article<\/p>\n","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"author":1,"featured_media":21351,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[114,1,19,20,24],"tags":[],"class_list":["post-21348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-attacks","category-blog","category-cyber-security","category-data-analysis","category-technology"],"aioseo_notices":[],"gt_translate_keys":[{"key":"link","format":"url"}],"_links":{"self":[{"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/posts\/21348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/comments?post=21348"}],"version-history":[{"count":2,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/posts\/21348\/revisions"}],"predecessor-version":[{"id":21350,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/posts\/21348\/revisions\/21350"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/media\/21351"}],"wp:attachment":[{"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/media?parent=21348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/categories?post=21348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/tags?post=21348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}