What is it?
Microsoft Exchange Server (2016, 2019 and Subscription) on-premises has a vulnerability allowing an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace.
Why is it a risk?
Users with escalated privileges can run arbitrary commands both locally and remotely.
How can you mitigate the risk?
Patch your Microsoft Exchange Server to the latest version.
The Microsoft link below provides access to Security Updates for each version.
Resources:
Microsoft – One-Click Microsoft Exchange On-Premises Mitigation Tool
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786
