Microsoft Exchange Hybrid Vulnerability: How MSPs Can Find, Fix, and Monitor Risks with Liongard

CVE-2025-53786

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive ED 25-02 in response to a high-severity vulnerability in Microsoft Exchange hybrid deployments, CVE-2025-53786 (CVSS 8.0). The flaw allows attackers with post-authentication access to move laterally from on-prem Exchange to Microsoft 365, a serious risk for federal systems and any hybrid Exchange environment.

Scope: Microsoft 365 tenants, Active Directory, and Windows Server hosts running on-prem Exchange.
Risk: Privilege escalation in Exchange Online without detection. 

Liongard enables MSPs to find exposures fast, act quickly, and continuously monitor for drift, delivering immediate customer wins while building a sustainable security workflow.

Steps for remediation with Liongard:  

Phase 1 | Assessment & Discovery 

Goal: Find hybrid environments, pinpoint affected servers, size the risk. 

Locate Hybrid Tenants 

  • Liongard Metric: Office 365: Directory Sync Enabled (Microsoft 365 Inspector) 
  • Value: Instantly confirms if a tenant is hybrid. 

Identify Vulnerable Exchange Builds 

  • Liongard Metric: Windows Server: Running Microsoft Exchange (filter by CVE-affected versions). 
  • Optional: Custom metric for a clean list of at-risk servers. 

Build a Visual Insights Dashboard 

  • Include: Hybrid state, Exchange servers + versions, on-prem/cloud privileged accounts. 
  • Value: One view of hybrid state, admin access, and server risk. 

Phase 2 | Risk & Exposure Audit 

Goal: Baseline admin accounts and verify MFA controls. 

Baseline On-Prem Privileged Accounts 

  • Liongard Metrics: AD privileged users, domain admins, groups. 

Baseline Cloud Privileged Accounts 

  • Liongard Metrics: O365 privileged users, global admins, active privileged users in last 30 days. 

Verify MFA Enforcement 

  • Liongard Custom Metric: Spot privileged accounts missing enforced MFA. 

Phase 3 | Monitoring & Alerting 

Goal: Detect and respond to privilege changes and patch status. 

Alert on AD Privilege Changes 

  • Trigger: New privileged account or privilege escalation. 

Alert on M365 Privilege Changes 

  • Trigger: New global admin or sensitive role changes. 

Monitor Exchange Patch Status 

  • Liongard Metrics: Installed/available updates; optional metric for missing CVE patch. 

Phase 4 | Ongoing Visibility 

Goal: Maintain daily awareness and audit readiness. 

Track Drift in Timeline 

  • Save filtered views for hybrid state, privileged accounts, Exchange versions. 
  • Value: Automatic, defensible change history. 

Immediate Value 

  • Quick Scope: Find hybrid instantly with Directory Sync Enabled. 
  • Targeted Patching: Patch only vulnerable servers. 
  • Privilege Clarity: Single-page view of all admin accounts. 
  • Change Awareness: Automated PSA alerts for risky changes. 
  • Audit-Ready: Continuous, provable history of critical changes. 

Bonus: Prepare for Windows 10 End of Support – October 2025

This is the perfect moment to tackle another high-impact project: migrating legacy Windows 10 machines. 

The Challenge: Manual compatibility checks are slow, resource-heavy, and error-prone.
The Liongard Advantage: Automated Windows 11 readiness checks for every endpoint, instantly revealing which machines are ready, which aren’t, and why.

MSP Benefits: 

  • Plan Ahead: Present upgrade roadmaps with exact counts and reasons. 
  • Save Time: Scan entire fleets in minutes, not weeks. 
  • Win Deals: Use compatibility data to stand out in sales conversations. 
  • Build Trust: Prevent issues before they hit end-of-support. 
  • Drive Revenue: Every incompatible device is a hardware refresh or project opportunity. 

Get Started: Use Liongard’s Windows Workstations Status Report with the Windows 11 Compatibility widget. Drill into clients, export reports, and set PSA alerts for incompatible machines. 

Connect with us to learn more about solving for CVE-2025-53786, CVSS 8.0
