- Microsoft raised the alarm over a hybrid Exchange flaw in early August 2025
- However, almost 30,000 instances remain vulnerable
- Microsoft has told customers how to protect their endpoints, so patch now
Almost a week after Microsoft disclosed and patched a dangerous, high-severity flaw in Exchange hybrid deployments, experts are warning that thousands of endpoints remain vulnerable.
The Shadowserver Foundation, a non-profit dedicated to supporting the cyber-security community, reports that roughly 29,000 Exchange servers remain unpatched and exposed to the internet, effectively inviting threat actors to break in and cause damage.
The picture could be worse than the numbers suggest: activity on an on-premises Exchange server does not always generate corresponding records in Microsoft 365, so an attack that starts on-premises and moves into the cloud may never show up in cloud-based audit logs.
Escalating privileges
Microsoft has urged customers to be on high alert for an "improper authentication" flaw that could let a threat actor who already holds administrator access to an on-premises Exchange server escalate privileges in the connected Exchange Online environment, owing to trust weaknesses in the shared service principal configuration.
Of the affected servers, 7,200 are in the United States, 6,700 are in Germany and around 2,500 are in Russia.
A Microsoft Exchange hybrid deployment combines on-premises Exchange servers with Exchange Online in Microsoft 365 so that they operate as a single system, letting organizations share email, calendars and contacts seamlessly across both environments.
"In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization's connected cloud environment without leaving easily detectable and auditable traces," Microsoft said. Exchange Server 2016 and Exchange Server 2019 are affected, as is Exchange Server Subscription Edition.
Although there is still no evidence of exploitation in the wild, Microsoft has urged customers to apply the April 2025 hotfixes, transition to the dedicated Exchange Hybrid application, and reset the shared service principal's credentials to mitigate the risk.
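The three mitigation steps above boil down to two things an administrator can check or do from a console. The PowerShell below is an added example written for this page, not code from the article, Shadowserver or Microsoft: a read-only inventory that flags on-premises servers missing the April 2025 hotfix, and a Graph call that clears the key credentials of the shared Exchange Online service principal. The minimum build numbers and the Exchange Online appId are assumptions from memory and must be verified against Microsoft's release notes before use; the migration to the dedicated hybrid application is done with Microsoft's own published script and is not reproduced here.

```powershell
# Added example (not from the article, Shadowserver or Microsoft).
# Run the first function in the Exchange Management Shell; the second needs
# the Microsoft.Graph PowerShell module and an Entra ID admin with
# Application.ReadWrite.All.
#
# ASSUMPTION: the build numbers below are recalled April 2025 hotfix builds
# and Exchange SE RTM; check them against Microsoft's release notes.
$minPatched = @{
    '15.1.2507' = [version]'15.1.2507.55'   # Exchange 2016 CU23 + Apr 2025 HU (assumed)
    '15.2.1544' = [version]'15.2.1544.25'   # Exchange 2019 CU14 + Apr 2025 HU (assumed)
    '15.2.1748' = [version]'15.2.1748.24'   # Exchange 2019 CU15 + Apr 2025 HU (assumed)
}
$seRtmBuild = 2562                           # Exchange SE 15.2.2562.x (assumed)

function Test-ExchangeHybridPatchLevel {
    # AdminDisplayVersion renders as "Version 15.2 (Build 1748.24)"; turn it
    # into a comparable [version] and look up the matching CU threshold.
    Get-ExchangeServer | ForEach-Object {
        $text  = "$($_.AdminDisplayVersion)"
        $build = [version]($text -replace '^Version (\d+\.\d+) \(Build (\d+\.\d+)\)$', '$1.$2')
        $cuKey = '{0}.{1}.{2}' -f $build.Major, $build.Minor, $build.Build

        $status = if ($build.Major -eq 15 -and $build.Minor -eq 2 -and $build.Build -ge $seRtmBuild) {
            'OK: Subscription Edition (assumed to ship with the fix)'
        } elseif ($minPatched.ContainsKey($cuKey)) {
            if ($build -ge $minPatched[$cuKey]) { 'OK: April 2025 HU or later' }
            else                                 { 'ACTION: April 2025 HU missing' }
        } else {
            'ACTION: unsupported CU; move to a supported CU, then apply the HU'
        }

        [pscustomobject]@{ Server = $_.Name; Build = $build; Status = $status }
    }
}

function Reset-ExchangeHybridServicePrincipalKeys {
    # Clears every certificate (keyCredential) on the shared Exchange Online
    # service principal, which is what the on-premises servers used for the
    # trust the article describes. Do this only AFTER the dedicated hybrid
    # application is in place, or hybrid features will break.
    # ASSUMPTION: this appId is the well-known Office 365 Exchange Online app.
    $exoAppId = '00000002-0000-0ff1-ce00-000000000000'

    Connect-MgGraph -Scopes 'Application.ReadWrite.All' | Out-Null
    $sp = Get-MgServicePrincipal -Filter "appId eq '$exoAppId'"
    if (-not $sp) { throw "Service principal for appId $exoAppId not found in this tenant" }

    Update-MgServicePrincipal -ServicePrincipalId $sp.Id -KeyCredentials @()

    # Return the post-reset state so the caller can confirm nothing is left.
    Get-MgServicePrincipal -ServicePrincipalId $sp.Id |
        Select-Object Id, AppId, @{ n = 'RemainingKeyCredentials'; e = { $_.KeyCredentials.Count } }
}

# Usage:
#   Test-ExchangeHybridPatchLevel | Format-Table -AutoSize
#   Reset-ExchangeHybridServicePrincipalKeys
```

Two caveats worth stating plainly. First, an "OK" build only means the hotfix is installed; the new trust model is not active until the dedicated hybrid application has actually been configured, so treat the build check as necessary, not sufficient. Second, because the article notes that on-premises activity may leave no trace in Microsoft 365 audit logs, the Entra sign-in and audit logs for the Exchange Online service principal are the place to look for credential additions you did not make, not the cloud mailbox audit trail.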
Via BleepingComputer