Microsoft has released security updates to address CVE-2025-14524, a critical vulnerability affecting multiple products. Organizations must apply these updates immediately to prevent potential exploitation.
Vulnerability Details
CVE-2025-14524 is a critical remote code execution vulnerability in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same user rights as the Exchange server account. The vulnerability could allow an attacker to run arbitrary code with elevated privileges on the affected system.
Affected Products
The following versions are affected:
- Microsoft Exchange Server 2019
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2010 (extended support ended)
Severity and CVSS Score
This vulnerability has been assigned a CVSS score of 9.8 (Critical). The base vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Exploitation Status
Microsoft has detected limited targeted exploitation of this vulnerability in the wild. Organizations using affected versions should prioritize patching immediately.
Mitigation
Microsoft has released security updates to address this vulnerability. Organizations should apply the updates as soon as possible.
For Exchange Server 2019:
- Install Security Update KB5044442
For Exchange Server 2016:
- Install Security Update KB5044441
For Exchange Server 2013:
- Install Security Update KB5044440
Workarounds
If immediate patching is not possible, Microsoft recommends the following workarounds:
- Configure Exchange Server to block access from untrusted networks
- Implement IP restrictions on Exchange Server services
- Disable the affected protocols through Exchange Management Shell
Timeline
- Vulnerability discovered: February 2025
- Security release: March 12, 2025
- Next security update: April 8, 2025
Organizations should refer to the Microsoft Security Response Center for the most current information about this vulnerability and additional guidance.