By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups
Tech News

Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups

By Viral Trending Content 3 Min Read
Share
SHARE

Aug 07, 2025Ravie LakshmananVulnerability / Threat Detection

Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions.

The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug.

“In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable traces,” the tech giant said in the alert.

“This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations.”

Successful exploitation of the flaw could allow an attacker to escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable traces, the company added. However, the attack hinges on the threat actor already having administrator access to an Exchange Server.

Cybersecurity

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in a bulletin of its own, said the vulnerability could impact the identity integrity of an organization’s Exchange Online service if left unpatched.

As mitigations, customers are recommended to review Exchange Server security changes for hybrid deployments, install the April 2025 Hot Fix (or newer), and follow the configuration instructions.

“If you’ve previously configured Exchange hybrid or OAuth authentication between Exchange Server and your Exchange Online organization but no longer use it, make sure to reset the service principal’s keyCredentials,” Microsoft said.

The development comes as the Windows maker said it will begin temporarily blocking Exchange Web Services (EWS) traffic using the Exchange Online shared service principal starting this month in an effort to increase the customer adoption of the dedicated Exchange hybrid app and improve the security posture of the hybrid environment.

Microsoft’s advisory for CVE-2025-53786 also coincides with CISA’s analysis of various malicious artifacts deployed following the exploitation of recently disclosed SharePoint flaws, collectively tracked as ToolShell.

Identity Security Risk Assessment

This includes two Base64-encoded DLL binaries and four Active Server Page Extended (ASPX) files that are designed to retrieve machine key settings within an ASP.NET application’s configuration and act as a web shell to execute commands and upload files.

“Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint the host system and exfiltrate data,” the agency said.

CISA is also urging entities to disconnect public-facing versions of Exchange Server or SharePoint Server that have reached their end-of-life (EOL) or end-of-service from the internet, not to mention discontinue the use of outdated versions.

You Might Also Like

Elon Musk Wants ‘Strong Influence’ Over the ‘Robot Army’ He’s Building

TARmageddon flaw in abandoned Rust library enables RCE attacks

Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign

National College of Ireland receives $500k from Citi Foundation

Apple’s 2026 Roadmap: Foldable iPhone, M5 Max and More

TAGGED: CISA, Cloud security, Cyber Security, Cybersecurity, Exchange Server, Identity Protection, Internet, Malware, Microsoft, powershell, privilege escalation, threat detection, Vulnerability
Share This Article
Facebook Twitter Copy Link
Previous Article Top altcoins to buy before Ethereum price surges past all-time highs: VeChain, Remittix and HBAR
Next Article Two more Denver Walgreens locations will close in September
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

ASTER price outlook after Solana co-founder unveiled a rival perp DEX
Crypto
Elon Musk Wants ‘Strong Influence’ Over the ‘Robot Army’ He’s Building
Tech News
TARmageddon flaw in abandoned Rust library enables RCE attacks
Tech News
Arsenal have the new Saka & he's already one of the best "in world football"
Sports
Who Is Dave Franco’s Wife? 5 Things to Know About Alison Brie
Celebrity
Pokémon Legends: Z-A Guide: How To Unlock More Boxes For Pokemon
Gaming News
With share prices near record highs, I’m looking to Warren Buffett for ideas
Business

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

ASTER price outlook after Solana co-founder unveiled a rival perp DEX

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
ASTER price outlook after Solana co-founder unveiled a rival perp DEX
October 23, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?