Microsoft warns of serious vulnerability in hybrid Exchange deployments
Microsoft has issued a warning about a high-severity vulnerability in hybrid Microsoft Exchange Server deployments.
Tracked as CVE-2025-53786, the vulnerability could allow for privilege escalation by cyber threat actors with administrative access to an on-premise Microsoft Exchange server. Although there is not currently any indication of active exploitation, the issue is considered extremely serious and requires immediate attention.
Microsoft announces Extended Security Update programs for Exchange and Skype for Business
Support has ended, or is coming to an end, for a lot of Microsoft products at the moment. Perhaps the most notable or well-publicized is Windows 10, but this is far from being the end of the story.
In a move designed to push people towards Teams, killing off Skype and Skype for Business made a lot of sense. The same is true of the aging Exchange 2016 and 2019 losing support. But while this makes sense for Microsoft, it is also incredibly disruptive and expensive for businesses that rely on these tools – hence two newly announced Extended Security Update programs.