Ethical Hacking News
Microsoft has warned of a zero-day flaw in its Exchange Server software that has been exploited in recent attacks. The vulnerability affects fully updated Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE), and lets an attacker run arbitrary JavaScript in a victim's browser through cross-site scripting (XSS) in Outlook on the web. Microsoft has shared mitigations for affected servers and plans to release patches for the affected versions.
Microsoft has issued a warning about a high-severity Exchange Server vulnerability (CVE-2026-42897) that affects fully updated servers. An attacker can exploit it by sending a specially crafted email to a user; if the user opens it in Outlook on the web, arbitrary JavaScript executes in the browser context. Microsoft has shared mitigations for affected servers, delivered through the Exchange Emergency Mitigation Service (EEMS). The mitigation breaks some OWA functionality, and users are advised to fall back to the Outlook desktop client. Patches for Exchange SE RTM, Exchange 2016 CU23, and Exchange Server 2019 CU14 and CU15 will be released, but the Exchange 2016 and 2019 updates go only to customers enrolled in the Period 2 Exchange Server ESU program.
Microsoft has issued a warning regarding a high-severity Exchange Server vulnerability that has been exploited in recent attacks. The vulnerability, tracked as CVE-2026-42897, is classed by Microsoft as a spoofing flaw; in practice it is a cross-site scripting (XSS) issue in Outlook on the web. It affects fully updated Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE).
According to the Exchange Team, an attacker could exploit the issue by sending a specially crafted email to a user. If the user opens the email in Outlook Web Access and certain interaction conditions are met, arbitrary JavaScript runs in the browser context, that is, inside the victim's authenticated OWA session. That is what makes the flaw high severity: the attacker's script can do whatever the victim's session can do in Outlook on the web.
In response, Microsoft has shared mitigations for affected servers. The Exchange Emergency Mitigation Service (EEMS) provides automatic mitigation for on-premises Exchange Server 2016, 2019, and SE. EEMS runs as a Windows service on Exchange Mailbox servers, is enabled by default on every server with the Mailbox role, and applies the published mitigation without administrator action. Servers where the service has been disabled or blocked do not receive it.
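Because the protection described above depends entirely on EEMS being enabled and able to apply mitigations, an administrator should verify that state rather than assume it. The following PowerShell is added here as an example and is not taken from the article or from Microsoft. It checks the organization-wide MitigationsEnabled switch, the per-server MitigationsEnabled, MitigationsApplied and MitigationsBlocked properties, and whether the MSExchangeMitigation Windows service is running on each Mailbox server. It assumes it is run from the Exchange Management Shell (Windows PowerShell 5.1) on a machine with the Exchange management tools, and that the cmdlets and properties below are present, as they have been since EEMS shipped in Exchange 2016 CU22 and Exchange 2019 CU11. Server names are discovered with Get-ExchangeServer, so nothing is hard-coded.

```powershell
# Added example (not from the article or from Microsoft): audit the EEMS state that
# the CVE-2026-42897 mitigation relies on. Run in the Exchange Management Shell.
# Assumptions: Exchange 2016 CU22+/2019 CU11+/SE, so Get-OrganizationConfig and
# Get-ExchangeServer expose the Mitigations* properties used below.

# 1. Organization-level switch. If this is False, EEMS is off for every server.
$orgEnabled = (Get-OrganizationConfig).MitigationsEnabled
Write-Host "Organization MitigationsEnabled: $orgEnabled"

# 2. Per-server state: EEMS enabled, which mitigations were applied, which an admin blocked,
#    and whether the "Microsoft Exchange Emergency Mitigation" service is actually running.
$report = foreach ($srv in (Get-ExchangeServer | Where-Object { $_.ServerRole -match 'Mailbox' })) {
    # Get-Service -ComputerName works in Windows PowerShell 5.1, which the EMS host uses.
    $svc = Get-Service -ComputerName $srv.Name -Name MSExchangeMitigation -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Server             = $srv.Name
        Version            = $srv.AdminDisplayVersion
        ServiceStatus      = if ($svc) { $svc.Status } else { 'NotFound' }
        MitigationsEnabled = $srv.MitigationsEnabled
        MitigationsApplied = ($srv.MitigationsApplied -join ', ')
        MitigationsBlocked = ($srv.MitigationsBlocked -join ', ')
    }
}
$report | Format-Table -AutoSize

# 3. Flag every server that would be left without the automatic mitigation.
foreach ($row in $report) {
    if (-not $orgEnabled -or -not $row.MitigationsEnabled -or $row.ServiceStatus -ne 'Running') {
        Write-Warning ("{0}: EEMS is not active (org={1}, server={2}, service={3}). " -f `
            $row.Server, $orgEnabled, $row.MitigationsEnabled, $row.ServiceStatus)
    }
    elseif (-not $row.MitigationsApplied) {
        # Enabled but nothing applied usually means the server cannot reach the
        # Office Config Service endpoint EEMS polls; check outbound TCP 443 and proxies.
        Write-Warning "$($row.Server): EEMS is enabled but reports no applied mitigations yet."
    }
    if ($row.MitigationsBlocked) {
        Write-Warning "$($row.Server): mitigations explicitly blocked: $($row.MitigationsBlocked)"
    }
}
```

A server that shows MitigationsEnabled as True but an empty MitigationsApplied list has most likely lost connectivity to the mitigation endpoint; Microsoft ships Test-MitigationServiceConnectivity.ps1 in the Exchange scripts directory ($exscripts) for that check, and Get-Mitigations.ps1 in the same directory lists what has been applied on the local server. Any server flagged by the warnings above is not protected by EEMS and needs the mitigation applied by hand from Microsoft's guidance.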
Applying the mitigation on vulnerable servers has side effects: the OWA Print Calendar function stops working, inline images may not display correctly in the recipient's OWA reading pane, and OWA light (an OWA URL ending in /?layout=light) does not work properly. As workarounds, Microsoft suggests copying the data out, taking a screenshot of the calendar to be printed, or using the Outlook desktop client instead.
Microsoft plans to release patches for Exchange SE RTM, Exchange 2016 CU23, and Exchange Server 2019 CU14 and CU15, but notes that the Exchange 2016 and 2019 updates will be available only to customers enrolled in the Period 2 Exchange Server ESU program. Organizations still on Exchange 2016 or 2019 without ESU will have only the mitigation to rely on unless they move to a supported version.
In October, weeks after Exchange 2016 and 2019 reached the end of support, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) released guidance to help IT admins harden Microsoft Exchange servers against attacks. This guidance is aimed at helping organizations prepare for potential future vulnerabilities.
Exploitation of a bug that has no patch yet is the case where mitigations matter most: affected servers should have Microsoft's mitigation in place now, through EEMS or otherwise, and the patch installed as soon as it ships. Administrators should also confirm that EEMS is actually enabled and applying mitigations on each Mailbox server rather than assuming the default still holds.
Microsoft has also published a statement on the attacks urging customers to apply the available mitigations and, once released, the patches. Until then, Exchange 2016 and 2019 customers outside the ESU program, and anyone who has disabled EEMS, are the most exposed.
In short, a high-severity Exchange Server vulnerability is being exploited in the wild, users of Outlook on the web are the targets, and the steps that reduce the risk are applying the available mitigation now, installing the patch when it is released, and following the CISA/NSA hardening guidance for the servers that remain.
Related Information:
https://www.ethicalhackingnews.com/articles/MICROSOFT-EXCHANGE-ZERO-DAY-FLAW-A-THREAT-TO-OUTLOOK-ON-THE-WEB-USERS-ehn.shtml
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attacks/
https://cybersecuritynews.com/microsoft-exchange-server-vulnerability-exploited/
Published: Fri May 15 05:50:16 2026 by llama3.2 3B Q4_K_M