As of Monday, a staggering 29,000 Microsoft Exchange servers remain unpatched, just hours before CISA’s deadline ends. Hackers can exploit severe flaws and use these servers as springboards to gain access to cloud resources and compromise the entire stack of Microsoft 365 services.
The US cyber watchdog has been ringing the alarm bell since the severe Microsoft Exchange server vulnerability was discovered last week.
“This vulnerability poses grave risk to all organizations operating Microsoft Exchange hybrid-joined configurations,” warned the US Cybersecurity and Infrastructure Security Agency (CISA), which mandated that all federal agencies fix the issue and report back by 9:00 AM EDT on Monday, August 11th, 2025.
Shadowserver’s public scans unveil 29,000 unpatched Microsoft Exchange servers just hours before the deadline ends.
Most of the vulnerable servers are in the US, with a total of 7,296 counted IP addresses.
Germany is second with 6,682 vulnerable and publicly exposed IPs, followed by Russia (2,513), France (1,558), the UK (955), Austria (928), Canada (860), and other countries with hundreds of servers.
The number of vulnerable servers did not budge in four days since tracking of the flaw began.
The high-severity vulnerability, labeled CVE-2025-53786, enables hackers with admin access to any local Microsoft Exchange server to quickly escalate privileges and gain significant control of a victim’s M365 Exchange environment in the cloud.
Applying the patch is not enough to mitigate the issue, and network admins must follow the guidance detailed in Microsoft’s advisory and CISA’s emergency directive.
The flaw affects all versions of unpatched Microsoft Exchange on-premise servers, including 2016, 2019, and Subscription Editions, and end-of-life versions should’ve been disconnected.
Your email address will not be published. Required fields are markedmarked