VULNERABILITY
Elevation of Privilege (EoP) Flaw in Hybrid Microsoft Exchange
An Elevation of Privilege (EoP) flaw in hybrid Microsoft Exchange Server deployments (CVE-2025-53786) allows an attacker who already holds administrative rights on an on-premises Exchange Server to abuse the service principal that the on-premises server shares with Exchange Online. Because the same identity is trusted on both sides of the hybrid connection, such an attacker can escalate their privileges into the connected Exchange Online environment and take control of it.
Please review the scope of work below prior to authorizing NCI to remediate.
Scope of work:
- Install the latest Cumulative Update (CU) for Exchange Server, then apply the latest Security Update (SU).
- Review the current hybrid configuration and, where required, deploy the dedicated Exchange hybrid application so that the on-premises server no longer relies on the shared service principal.
- Run the Microsoft Exchange Server Health Checker script to determine whether additional steps are required.
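The following PowerShell is an added pre- and post-remediation check for the three steps above; it is not NCI's or Microsoft's script. It assumes it is run from an elevated Exchange Management Shell on the on-premises server, that HealthChecker.ps1 has already been downloaded into the current directory, that the Microsoft.Graph module is installed for the Entra ID step, and that the shared Exchange Online service principal is the one with the well-known appId 00000002-0000-0ff1-ce00-000000000000.

```powershell
# Added check script for the CVE-2025-53786 scope of work (not NCI's or Microsoft's code).
# Assumptions: elevated Exchange Management Shell on the on-premises server;
# HealthChecker.ps1 saved in the current directory; Microsoft.Graph module installed;
# the shared service principal is appId 00000002-0000-0ff1-ce00-000000000000.

# 1. Record the installed Exchange build before and after the CU/SU install.
#    AdminDisplayVersion does not change when an SU is applied, so also read the
#    file version of ExSetup.exe, which does reflect the SU level.
Get-ExchangeServer | Select-Object Name, ServerRole, AdminDisplayVersion
$exsetup = Get-Command ExSetup.exe -ErrorAction Stop
"ExSetup.exe build: {0}" -f $exsetup.FileVersionInfo.FileVersion

# 2. Confirm this organisation actually has a hybrid configuration object.
#    The flaw only applies where on-premises Exchange shares the service
#    principal with Exchange Online.
$hybrid = Get-HybridConfiguration -ErrorAction SilentlyContinue
if (-not $hybrid) {
    Write-Warning "No hybrid configuration found; confirm hybrid status before proceeding."
} else {
    $hybrid | Select-Object ClientAccessServers, SendingTransportServers, Features
}

# 3. Run the Health Checker script from the directory it was saved to
#    (download location: https://aka.ms/ExchangeHealthChecker). Its report
#    states whether the hybrid application step still needs to be performed.
$hc = Join-Path (Get-Location).Path 'HealthChecker.ps1'
if (Test-Path $hc) {
    & $hc
} else {
    Write-Warning "HealthChecker.ps1 not found at $hc"
}

# 4. In Entra ID, list the key credentials attached to the shared service principal.
#    Read-only: any certificate still listed here is a credential that an on-premises
#    administrator could use against Exchange Online, so review the list before
#    treating remediation as complete.
Connect-MgGraph -Scopes 'Application.Read.All'
$sp = Get-MgServicePrincipal -Filter "appId eq '00000002-0000-0ff1-ce00-000000000000'"
$sp.KeyCredentials | Select-Object DisplayName, Type, StartDateTime, EndDateTime
```

Run step 1 once before the update and once after; the ExSetup.exe file version is the value to compare against the build number published for the SU. Step 4 is only a listing; removing credentials from the service principal is a change to the tenant and belongs in the scheduled remediation window, not in a pre-check.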
Remediation requires Exchange services to restart, so the installation must be completed during scheduled downtime.
Please note: Remediation and updates have the potential to cause other unforeseen issues or conflicts between software and/or hardware. If additional work is needed to get all systems and software to acceptable levels due to compatibility issues or conflicts, the time associated will be billed at time and materials.
If you would like to schedule the remediation work outside of your business hours, please have the point of contact in your support ticket communicate with our scheduling team so we can accommodate the request.
By completing the following form, you agree to the scope of work and remediation estimate.
The form you are trying to access is now closed.
To submit a remediation request for the Elevation of Privilege (EoP) Flaw in Hybrid Microsoft Exchange (CVE-2025-53786), please navigate to our Contact Us form. In your message, be sure to include the name of the vulnerability and specify that it is a remediation request.
We appreciate your understanding and look forward to assisting you with your request.