【資安漏洞預警】Microsoft Exchange Server 存在重大資安漏洞(CVE-2025-59249)

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】Microsoft Exchange Server 存在重大資安漏洞(CVE-2025-59249) [Security Vulnerability Alert] Microsoft Exchange Server has a major security vulnerability (CVE-2025-59249)
公告內容	轉發台灣電腦網路危機處理暨協調中心 TWCERTCC-200-202510-00000009 [內容說明] 微軟針對旗下產品Exchange Server發布重大資安漏洞公告(CVE-2025-59249，CVSS：8.8)，此漏洞為弱身分驗證漏洞，允許經授權的攻擊透過網路提升權限。 [影響平台] ● Microsoft Exchange Server Subion Edition RTM ● Microsoft Exchange Server 2019 Cumulative Update 15 ● Microsoft Exchange Server 2019 Cumulative Update 14 ● Microsoft Exchange Server 2016 Cumulative Update 23 [建議措施] 根據官方網站釋出解決方式進行修補：https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59249 [參考資料] https://www.twcert.org.tw/tw/cp-169-10447-4a433-1.html Forwarded by Taiwan Computer Network Crisis and Coordination Center (TWCERTCC-200-202510-00000009) [Description] Microsoft has released a critical security vulnerability advisory (CVE-2025-59249, CVSS: 8.8) for its Exchange Server product. This vulnerability, a weak authentication vulnerability, allows an authenticated attacker to escalate privileges over the network. [Affected Platforms] ● Microsoft Exchange Server Subscription Edition RTM ● Microsoft Exchange Server 2019 Cumulative Update 15 ● Microsoft Exchange Server 2019 Cumulative Update 14 ● Microsoft Exchange Server 2016 Cumulative Update 23 [Recommended Action] Patch according to the workaround released on the official website: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59249 [References] https://www.twcert.org.tw/tw/cp-169-10447-4a433-1.html
相關訊息
公告時間	2025/10/20 至 2026/4/20	點閱次數	38