Thousands of Microsoft Exchange Servers Left Unprotected Ahead of CISA Deadline<\/title>\n<\/head>\n<body>\n <article>\n <h1>Thousands of Microsoft Exchange Servers Left Unprotected Ahead of CISA Deadline<\/h1>\n <p><strong>Date:<\/strong> August 11, 2025<\/p>\n\n <h2>Situation Overview<\/h2>\n <p>As of early August 2025, approximately 29,000 Microsoft Exchange on-premises servers remained unpatched for a critical vulnerability (CVE-2025-53786), just hours before the deadline imposed by CISA. This flaw poses a grave risk to hybrid deployments, allowing privilege escalation into the Microsoft 365 cloud environment.<\/p>\n \n <h2>Geographical Distribution of Vulnerable Servers<\/h2>\n <p>Shadowserver scans reported the following breakdown:<\/p>\n <ul>\n <li>United States: ~7,296<\/li>\n <li>Germany: ~6,682<\/li>\n <li>Russia: ~2,513<\/li>\n <li>Other countries, including France, the UK, Austria, and Canada, each with hundreds of vulnerable servers.<\/li>\n <\/ul>\n \n <h2>The Vulnerability: CVE-2025-53786<\/h2>\n <p>This high-severity elevation-of-privilege flaw affects Exchange Server 2016, Exchange Server 2019, and the Subscription Edition in hybrid configurations. It allows attackers with administrative access to an on-prem server to escalate privileges in the connected Exchange Online environment, bypassing detection due to weak authentication mechanisms in shared service principal configurations.<\/p>\n \n <h2>Urgent Mitigation and Government Directive<\/h2>\n <p>CISA issued an Emergency Directive (ED 25-02), mandating federal agencies to take specific corrective actions by 9 AM EDT, August 11, 2025:<\/p>\n <ol>\n <li>Inventory all Exchange servers using the Microsoft Health Checker script.<\/li>\n <li>Disconnect end-of-life or unsupported servers immediately.<\/li>\n <li>Install the April 2025 hotfix and applicable cumulative updates (e.g., CU14\/CU15 for 2019, CU23 for 2016).<\/li>\n <li>Migrate to the dedicated Exchange Hybrid Application and reset the legacy shared service principal credentials.<\/li>\n <\/ol>\n \n <h2>Updated Guidance and Best Practices<\/h2>\n <p>On August 12, Microsoft and CISA expanded guidance on vulnerability detection and remediation:<\/p>\n <ul>\n <li>Organizations should run the Exchange Health Checker to validate updates and configurations.<\/li>\n <li>Ensure deployment of the dedicated Exchange Hybrid App and remove outdated trust setups.<\/li>\n <li>Apply the August 2025 cumulative security updates to maintain compatibility and include AMSI-scanning enhancements.<\/li>\n <li>Monitor for post-update issues and use troubleshooting tools like SetupAssist if needed.<\/li>\n <\/ul>\n \n <h2>Why This Matters<\/h2>\n <p>The vulnerability enables silent privilege escalation\u2014from on-prem Exchange to cloud\u2014threatening total domain compromise. Without proper mitigation, attackers could exploit trusted tokens, gain unauthorized access for up to 24 hours, and potentially evade logging mechanisms entirely.<\/p>\n \n <h2>Conclusion<\/h2>\n <p>The widespread delay in patching tens of thousands of Exchange servers reveals a critical security gap that affects both government and private sector infrastructures. Immediate action\u2014including patching, configuration updates, and migration to safer hybrid architectures\u2014is essential to protect against potentially devastating breach scenarios.<\/p>\n <\/article>\n<\/body>\n<\/html>\n\n\n\n<a href=\"https:\/\/www.theguardian.com\/technology\/2025\/jul\/14\/an-ai-generated-band-got-1m-plays-on-spotify-now-music-insiders-say-listeners-should-be-warned\">\n <button>Read the Original Article<\/button>\n <\/a>\n\n\n\n<p><\/p>\n","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"excerpt":{"rendered":"<p>Thousands of Microsoft Exchange Servers Left Unprotected Ahead of CISA Deadline Thousands of Microsoft Exchange Servers Left Unprotected Ahead of CISA Deadline Date: August 11, 2025 Situation Overview As of early August 2025, approximately 29,000 Microsoft Exchange on-premises servers remained unpatched for a critical vulnerability (CVE-2025-53786), just hours before the deadline imposed by CISA. This flaw poses a grave risk to hybrid deployments, allowing privilege escalation into the Microsoft 365 cloud environment. Geographical Distribution of Vulnerable Servers Shadowserver scans reported the following breakdown: United States: ~7,296 Germany: ~6,682 Russia: ~2,513 Other countries, including France, the UK, Austria, and Canada, each with hundreds of vulnerable servers. The Vulnerability: CVE-2025-53786 This high-severity elevation-of-privilege flaw affects Exchange Server 2016, Exchange Server 2019, and the Subscription Edition in hybrid configurations. It allows attackers with administrative access to an on-prem server to escalate privileges in the connected Exchange Online environment, bypassing detection due to weak authentication mechanisms in shared service principal configurations. Urgent Mitigation and Government Directive CISA issued an Emergency Directive (ED 25-02), mandating federal agencies to take specific corrective actions by 9 AM EDT, August 11, 2025: Inventory all Exchange servers using the Microsoft Health Checker script. Disconnect end-of-life or unsupported servers immediately. Install the April 2025 hotfix and applicable cumulative updates (e.g., CU14\/CU15 for 2019, CU23 for 2016). Migrate to the dedicated Exchange Hybrid Application and reset the legacy shared service principal credentials. Updated Guidance and Best Practices On August 12, Microsoft and CISA expanded guidance on vulnerability detection and remediation: Organizations should run the Exchange Health Checker to validate updates and configurations. Ensure deployment of the dedicated Exchange Hybrid App and remove outdated trust setups. Apply the August 2025 cumulative security updates to maintain compatibility and include AMSI-scanning enhancements. Monitor for post-update issues and use troubleshooting tools like SetupAssist if needed. Why This Matters The vulnerability enables silent privilege escalation\u2014from on-prem Exchange to cloud\u2014threatening total domain compromise. Without proper mitigation, attackers could exploit trusted tokens, gain unauthorized access for up to 24 hours, and potentially evade logging mechanisms entirely. Conclusion The widespread delay in patching tens of thousands of Exchange servers reveals a critical security gap that affects both government and private sector infrastructures. Immediate action\u2014including patching, configuration updates, and migration to safer hybrid architectures\u2014is essential to protect against potentially devastating breach scenarios. Read the Original Article<\/p>\n","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"author":1,"featured_media":21354,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[114,1,19,20,24],"tags":[],"class_list":["post-21352","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-attacks","category-blog","category-cyber-security","category-data-analysis","category-technology"],"aioseo_notices":[],"gt_translate_keys":[{"key":"link","format":"url"}],"_links":{"self":[{"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/posts\/21352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/comments?post=21352"}],"version-history":[{"count":2,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/posts\/21352\/revisions"}],"predecessor-version":[{"id":21355,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/posts\/21352\/revisions\/21355"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/media\/21354"}],"wp:attachment":[{"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/media?parent=21352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/categories?post=21352"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/tags?post=21352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":21352,"date":"2025-07-25T06:24:47","date_gmt":"2025-07-25T04:24:47","guid":{"rendered":"https:\/\/ig.technology\/?p=21352"},"modified":"2025-08-21T06:26:22","modified_gmt":"2025-08-21T04:26:22","slug":"an-ai-generated-band-got-1m-plays-on-spotify-now-music-insiders-say-listeners-should-be-warned","status":"publish","type":"post","link":"https:\/\/ig.technology\/index.php\/2025\/07\/25\/an-ai-generated-band-got-1m-plays-on-spotify-now-music-insiders-say-listeners-should-be-warned\/","title":{"rendered":"An AI-generated band got 1m plays on Spotify. Now music insiders say listeners should be warned","gt_translate_keys":[{"key":"rendered","format":"text"}]},"content":{"rendered":"\n\n \n \n \n Thousands of Microsoft Exchange Servers Left Unprotected Ahead of CISA Deadline<\/title>\n<\/head>\n<body>\n <article>\n <h1>Thousands of Microsoft Exchange Servers Left Unprotected Ahead of CISA Deadline<\/h1>\n <p><strong>Date:<\/strong> August 11, 2025<\/p>\n\n <h2>Situation Overview<\/h2>\n <p>As of early August 2025, approximately 29,000 Microsoft Exchange on-premises servers remained unpatched for a critical vulnerability (CVE-2025-53786), just hours before the deadline imposed by CISA. This flaw poses a grave risk to hybrid deployments, allowing privilege escalation into the Microsoft 365 cloud environment.<\/p>\n \n <h2>Geographical Distribution of Vulnerable Servers<\/h2>\n <p>Shadowserver scans reported the following breakdown:<\/p>\n <ul>\n <li>United States: ~7,296<\/li>\n <li>Germany: ~6,682<\/li>\n <li>Russia: ~2,513<\/li>\n <li>Other countries, including France, the UK, Austria, and Canada, each with hundreds of vulnerable servers.<\/li>\n <\/ul>\n \n <h2>The Vulnerability: CVE-2025-53786<\/h2>\n <p>This high-severity elevation-of-privilege flaw affects Exchange Server 2016, Exchange Server 2019, and the Subscription Edition in hybrid configurations. It allows attackers with administrative access to an on-prem server to escalate privileges in the connected Exchange Online environment, bypassing detection due to weak authentication mechanisms in shared service principal configurations.<\/p>\n \n <h2>Urgent Mitigation and Government Directive<\/h2>\n <p>CISA issued an Emergency Directive (ED 25-02), mandating federal agencies to take specific corrective actions by 9 AM EDT, August 11, 2025:<\/p>\n <ol>\n <li>Inventory all Exchange servers using the Microsoft Health Checker script.<\/li>\n <li>Disconnect end-of-life or unsupported servers immediately.<\/li>\n <li>Install the April 2025 hotfix and applicable cumulative updates (e.g., CU14\/CU15 for 2019, CU23 for 2016).<\/li>\n <li>Migrate to the dedicated Exchange Hybrid Application and reset the legacy shared service principal credentials.<\/li>\n <\/ol>\n \n <h2>Updated Guidance and Best Practices<\/h2>\n <p>On August 12, Microsoft and CISA expanded guidance on vulnerability detection and remediation:<\/p>\n <ul>\n <li>Organizations should run the Exchange Health Checker to validate updates and configurations.<\/li>\n <li>Ensure deployment of the dedicated Exchange Hybrid App and remove outdated trust setups.<\/li>\n <li>Apply the August 2025 cumulative security updates to maintain compatibility and include AMSI-scanning enhancements.<\/li>\n <li>Monitor for post-update issues and use troubleshooting tools like SetupAssist if needed.<\/li>\n <\/ul>\n \n <h2>Why This Matters<\/h2>\n <p>The vulnerability enables silent privilege escalation\u2014from on-prem Exchange to cloud\u2014threatening total domain compromise. Without proper mitigation, attackers could exploit trusted tokens, gain unauthorized access for up to 24 hours, and potentially evade logging mechanisms entirely.<\/p>\n \n <h2>Conclusion<\/h2>\n <p>The widespread delay in patching tens of thousands of Exchange servers reveals a critical security gap that affects both government and private sector infrastructures. Immediate action\u2014including patching, configuration updates, and migration to safer hybrid architectures\u2014is essential to protect against potentially devastating breach scenarios.<\/p>\n <\/article>\n<\/body>\n<\/html>\n\n\n\n<a href=\"https:\/\/www.theguardian.com\/technology\/2025\/jul\/14\/an-ai-generated-band-got-1m-plays-on-spotify-now-music-insiders-say-listeners-should-be-warned\">\n <button>Read the Original Article<\/button>\n <\/a>\n\n\n\n<p><\/p>\n","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"excerpt":{"rendered":"<p>Thousands of Microsoft Exchange Servers Left Unprotected Ahead of CISA Deadline Thousands of Microsoft Exchange Servers Left Unprotected Ahead of CISA Deadline Date: August 11, 2025 Situation Overview As of early August 2025, approximately 29,000 Microsoft Exchange on-premises servers remained unpatched for a critical vulnerability (CVE-2025-53786), just hours before the deadline imposed by CISA. This flaw poses a grave risk to hybrid deployments, allowing privilege escalation into the Microsoft 365 cloud environment. Geographical Distribution of Vulnerable Servers Shadowserver scans reported the following breakdown: United States: ~7,296 Germany: ~6,682 Russia: ~2,513 Other countries, including France, the UK, Austria, and Canada, each with hundreds of vulnerable servers. The Vulnerability: CVE-2025-53786 This high-severity elevation-of-privilege flaw affects Exchange Server 2016, Exchange Server 2019, and the Subscription Edition in hybrid configurations. It allows attackers with administrative access to an on-prem server to escalate privileges in the connected Exchange Online environment, bypassing detection due to weak authentication mechanisms in shared service principal configurations. Urgent Mitigation and Government Directive CISA issued an Emergency Directive (ED 25-02), mandating federal agencies to take specific corrective actions by 9 AM EDT, August 11, 2025: Inventory all Exchange servers using the Microsoft Health Checker script. Disconnect end-of-life or unsupported servers immediately. Install the April 2025 hotfix and applicable cumulative updates (e.g., CU14\/CU15 for 2019, CU23 for 2016). Migrate to the dedicated Exchange Hybrid Application and reset the legacy shared service principal credentials. Updated Guidance and Best Practices On August 12, Microsoft and CISA expanded guidance on vulnerability detection and remediation: Organizations should run the Exchange Health Checker to validate updates and configurations. Ensure deployment of the dedicated Exchange Hybrid App and remove outdated trust setups. Apply the August 2025 cumulative security updates to maintain compatibility and include AMSI-scanning enhancements. Monitor for post-update issues and use troubleshooting tools like SetupAssist if needed. Why This Matters The vulnerability enables silent privilege escalation\u2014from on-prem Exchange to cloud\u2014threatening total domain compromise. Without proper mitigation, attackers could exploit trusted tokens, gain unauthorized access for up to 24 hours, and potentially evade logging mechanisms entirely. Conclusion The widespread delay in patching tens of thousands of Exchange servers reveals a critical security gap that affects both government and private sector infrastructures. Immediate action\u2014including patching, configuration updates, and migration to safer hybrid architectures\u2014is essential to protect against potentially devastating breach scenarios. Read the Original Article<\/p>\n","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"author":1,"featured_media":21354,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[114,1,19,20,24],"tags":[],"class_list":["post-21352","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-attacks","category-blog","category-cyber-security","category-data-analysis","category-technology"],"aioseo_notices":[],"gt_translate_keys":[{"key":"link","format":"url"}],"_links":{"self":[{"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/posts\/21352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/comments?post=21352"}],"version-history":[{"count":2,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/posts\/21352\/revisions"}],"predecessor-version":[{"id":21355,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/posts\/21352\/revisions\/21355"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/media\/21354"}],"wp:attachment":[{"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/media?parent=21352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/categories?post=21352"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ig.technology\/index.php\/wp-json\/wp\/v2\/tags?post=21352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}