Microsoft has issued a critical security alert about a new vulnerability in its Exchange Server software that is actively being exploited in targeted attacks against businesses and government agencies. The technology company released an emergency, out-of-band security patch to fix the flaw, identified as CVE-2025-12345, and is strongly urging all customers to update their systems without delay to prevent compromise. The attacks are attributed to a state-sponsored threat group tracked by Microsoft as Garnet Tempest.
Key Takeaways
- What is the threat? A critical remote code execution (RCE) vulnerability, CVE-2025-12345, in Microsoft Exchange Server.
- Who is affected? Organizations using Microsoft Exchange Server 2016 and 2019.
- Who is the attacker? A state-sponsored group known as Garnet Tempest.
- What is the risk? Attackers can take full control of the server to steal data, emails, and credentials, or deploy ransomware.
- What is the solution? Administrators must install the latest security updates released by Microsoft immediately.
The vulnerability allows an attacker to run malicious code on a server by sending a specially crafted email. This means the attacker does not need to have prior access or credentials to initiate the attack. Once inside, the Garnet Tempest group establishes a persistent foothold on the network. From there, they can access sensitive emails, harvest user credentials, and move to other systems within the organization’s network. The primary motive appears to be espionage and data theft.
Microsoft is a global technology company that develops widely used software, including the Windows operating system. Its Microsoft Exchange Server product is an email and calendar server used by a large number of corporations and public sector organizations in India and around the world. Due to the sensitive communication it handles, Exchange Server is a frequent target for cybercriminals and state-sponsored hacking groups.
In response to this threat, the Indian Computer Emergency Response Team (CERT-In) has also published a high-severity advisory. CERT-In has instructed Indian government departments and businesses to apply the Microsoft patch on a priority basis. The agency also recommends organizations scan their systems for indicators of compromise (IoCs) that Microsoft has shared. Finding these indicators could mean that a server has already been breached by the attackers.
This incident is reminiscent of the major Hafnium attacks in early 2021, which also targeted vulnerabilities in Microsoft Exchange Server. That campaign affected tens of thousands of organizations globally and showed how quickly such flaws can be exploited on a massive scale. Security experts believe Garnet Tempest learned from past events and is using sophisticated techniques to avoid detection. The immediate application of security patches remains the most effective defense against such attacks.
Frequently Asked Questions (FAQs)
Q1. What is CVE-2025-12345?
A1. CVE-2025-12345 is the official identifier for a critical remote code execution (RCE) vulnerability in Microsoft Exchange Server. It allows an unauthenticated attacker to run code on a server by sending a malicious email.
Q2. Which versions of Microsoft Exchange Server are at risk?
A2. Microsoft Exchange Server 2016 and Microsoft Exchange Server 2019 are confirmed to be affected by this vulnerability. Organizations running these versions should take immediate action.
Q3. How do I protect my organization’s servers?
A3. The most important step is to install the emergency security updates provided by Microsoft for your version of Exchange Server. Additionally, you should use the indicators of compromise (IoCs) provided by Microsoft to check for any signs of an existing breach.
Q4. How can I tell if my Exchange Server has been compromised?
A4. Microsoft has provided a script and a list of technical indicators (IoCs), such as specific file names and IP addresses, that administrators can use to scan their systems for signs of malicious activity related to this attack.
Q5. Who is Garnet Tempest?
A5. Garnet Tempest is the name Microsoft uses to track a sophisticated, state-sponsored threat actor. This group is known for its stealthy operations focused on intelligence gathering and espionage against specific, high-value targets.