Over 29,000 Unpatched Exchange Servers Could Be The Targets Of Threat Actors
Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise.
We added Microsoft Exchange CVE-2025-53786 detection to our daily scans (version based). See US CISA Emergency Directive 25-02: http://www.cisa.gov/news-events/… Over 28K IPs unpatched (2025-08-07). Top affected: US, Germany, Russia. Dashboard world map: dashboard.shadowserver.org/statistics/c…
Commenting on this is Martin Jartelius, CTO at Outpost24:
“The scale of unpatched Exchange servers is concerning, but not surprising. Initial guidance on this flaw included isolating end-of-life and end-of-support systems, and many organizations were already running far older, unmaintainable infrastructure before April’s patch was released.
This vulnerability affects hybrid environments. Many cloud-first businesses have already moved to Microsoft 365, and without deeper analysis it’s unclear how many of these identified servers are truly at risk. Some may determine the conditions for exploitation don’t exist in their setup and choose not to prioritize mitigation.
However, even if the exploitation risk is low, leaving a known vulnerability unpatched is an open invitation to attackers. We advise organizations to continuously assess and remediate such issues to reduce their attack surface and strengthen resilience.”
CISA has a directive about this issue that you can find here. There’s also an interactive map here. And if you run a Microsoft Exchange hybrid-joined environment, you should follow the guidance in the CISA directive ASAP.
This entry was posted on August 11, 2025 at 4:49 pm and is filed under Commentary with tags CISA, Microsoft.