Earlier today, we reported that Microsoft is tracking a high-severity security flaw in hybrid Exchange Server deployments that enables an attacker who has gained on-prem administrative rights to take control of the Exchange Online environment too. Now, the Redmond tech firm has released security updates (SUs) for Exchange Server to address the issue, alongside rolling out Patch Tuesday updates for Windows 10 and Windows 11.
Following the discovery of vulnerabilities in Exchange Server deployments, Microsoft has released SUs for Exchange Server Subscription Edition (SE), Exchange Server 2019 CU14 and CU15, and Exchange Server 2016 CU23. Exchange Server deployments not running any of the aforementioned cumulative updates (CUs) should first install a supported CU. It is important to note that these SUs are not applicable to Exchange Online environments since those are already protected from these cybersecurity vulnerabilities.
In addition, Microsoft has highlighted that the November 2024 SU for Exchange Server introduced enhancements to the Antimalware Scan Interface (AMSI) integration, allowing scanning of the HTTP message body. This will now be enabled by default once you install the August 2025 SUs, but if you notice performance degradation, you can refer to this guidance to disable HTTP body scanning in AMSI.
Microsoft has recommended that customers install the latest SUs on all Exchange Servers within their organizations, even if they are just being used to run Exchange Server Management Tools. The download links to the SUs for applicable Exchange Server deployments can be found below:
- Security Update for Exchange Server Subscription Edition SU1 (KB5063224)
- Security Update for Exchange Server 2019 CU14 SU6 (KB5063222)
- Security Update for Exchange Server 2019 CU15 SU3 (KB5063221)
- Security Update for Exchange Server 2016 CU23 SU17 (KB5063223)
Since Exchange Server SUs are cumulative in nature, you'll receive all previous security updates along with the patch for the recent CVE-2025-53786 vulnerability once you install the August 2025 SUs.
Hope you enjoyed this news post.
Posted Wednesday 13 August 2025 at 5:41 pm AEST (my time).