Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)
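“In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization's connected cloud environment without leaving an easily detectable and auditable trace,” Microsoft announced on Wednesday. The privilege escalation can be performed by exploiting CVE-2025-53786, a newly disclosed vulnerability that stems from Exchange Server and Exchange Online sharing the same service principal –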