🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-45504 is an Elevation of Privilege vulnerability affecting Microsoft Exchange Server, meaning an attacker could potentially gain higher-level permissions than intended on an affected system. This update only adds an acknowledgement; the technical details and patch guidance are unchanged. Organisations running Exchange Server on-premises or in hybrid configurations should remain aware of the underlying vulnerability.

Security Architect’s Take: No immediate action is required, as this is an informational update only. However, architects should confirm that patches addressing CVE-2026-45504 have already been applied across all Exchange Server instances, particularly in hybrid Azure/on-premises deployments where Exchange is a common lateral movement target.

Original advisory: CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability