Risky Bulletin Newsletter
August 08, 2025
Risky Bulletin: CISA tells federal agencies to mitigate on-prem-to-cloud Exchange attack
Presented by

News Editor
CISA has released a rare emergency directive ordering federal agencies to patch a new attack vector in Microsoft Exchange email servers.
Federal agencies have four days, until August 11, to address the issue and apply mitigations shared by Microsoft on Wednesday.
The guidance addresses a vulnerability (actually more of a design flaw) in hybrid environments, where Exchange on-premise servers sync data to an Exchange Online instance.