© 2026 CoolTechZone - Latest tech news,
product reviews, and analyses.

28,000 Microsoft Exchange Servers are still missing a critical emergency patch


According to The Shadowserver Foundation, over 28,000 Microsoft Exchange Servers haven’t installed an emergency patch that was released last week.

On Wednesday, August 6th, Microsoft released an emergency patch for a vulnerability in Microsoft Exchange Server outside of its regular monthly patch cycle. The Redmond-based tech company for so because it expects hackers to exploit the security flaw.

The vulnerability, known as CVE-2025-53786, exists in Exchange Server 2019 and Exchange Server Subscription Edition RTM.

The issue occurs in hybrid Exchange installations. These are environments where on-premises Exchange Servers are combined with Exchange Online to create a single mail system. This is an intermediate step for organizations that want to migrate from on-premises to Exchange Online.

CVE-2025-53786 concerns a vulnerability where an attacker with administrator access to an on-premises Exchange Server can escalate their privileges to the organization’s cloud environment without leaving detectable traces, thereby compromising the integrity of the Exchange Online service.

The Cybersecurity and Infrastructure Security Agency (CISA), America’s cybersecurity agency, released a public announcement on Wednesday, urging organizations and businesses to install Microsoft’s hotfix to solve the issue.

However, not everybody seems to be that eager to improve their Microsoft Exchange Server’s security.

According to The Shadowserver Foundation there are currently over 28,000 Microsoft Exchange Servers that haven’t installed Microsoft’s emergency patch. Most of them are located in the United States (7.4K), Germany (6.9K), Russia (2.5K), and France (1.7K).

The Shadowserver Foundation is a nonprofit security organization that collects and analyzes data on malicious internet activities and reports its findings to law enforcement authorities worldwide. The organization added CVE-2025-53786 to its daily scans of the internet and found that thousands of businesses still haven’t updated their Microsoft Exchange Servers.