When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft rolls out August 2025 security patches for Exchange Server

Microsoft has released August 2025 Security Updates (SUs) for Exchange Server deployments, containing fixes for the recent, high-severity CVE-2025-53786 flaw.

Neowin · with 2 comments

Microsoft and Exchange logos monochrome on dark background

Earlier today, we reported that Microsoft is tracking a high-severity security flaw in hybrid Exchange Server deployments that enables an attacker who has gained on-prem administrative rights to take control of the Exchange Online environment too. Now, the Redmond tech firm has released security updates (SUs) for Exchange Server to address the issue, alongside rolling out Patch Tuesday updates for Windows 10 and Windows 11.

Following the discovery of vulnerabilities in Exchange Server deployments, Microsoft has released SUs for Exchange Server Subscription Edition (SE), Exchange Server 2019 CU14 and CU15, and Exchange Server 2016 CU23. Exchange Server deployments not running any of the aforementioned cumulative updates (CUs) should first install a supported CU. It is important to note that these SUs are not applicable to Exchange Online environments since those are already protected from these cybersecurity vulnerabilities.

In addition, Microsoft has highlighted that the November 2024 SU for Exchange Server introduced enhancements to the Antimalware Scan Interface (AMSI) integration, allowing scanning of the HTTP message body. This will now be enabled by default once you install the August 2025 SUs, but if you notice performance degradation, you can refer to this guidance to disable HTTP body scanning in AMSI.

Microsoft has recommended customers install the latest SUs on all Exchange Servers within their organizations, even if they are just being used to run Exchange Server Management Tools. The dowload links to the SUs for applicable Exchange Server deployments can be found below:

Since Exchange Server SUs are cumulative in nature, you'll receive all previous security updates along with the patch for the recent CVE-2025-53786 vulnerability once you install the August 2025 SUs.

The Samsung SSD 990 PRO with a heatsink and RGB lights
Next Article

4TB Samsung 990 PRO SSD with a heatsink is now availalbe at the lowest price

A picture of the new iPhone 15 pro lineup
Previous Article

Deal alert: "Grade A" Refurbed iPhone 15 Pro Max now 29% off

2 Comments

Load the comments and join the conversation!

Read the comments, ask the editors questions, show respect and join the conversation.

Click here