Ethical Hacking News
A new high-severity vulnerability (CVSS 8.1) has been disclosed in Microsoft Exchange Server that lets an attacker perform spoofing over a network through a crafted email. This article analyzes the vulnerability and explains how to mitigate it. Stay ahead of the threats with our expert insights and advice.
A new security vulnerability (CVE-2026-42897) has been disclosed in Microsoft Exchange Server, affecting on-premises versions. It allows an attacker to perform spoofing over a network by sending a crafted email. Mitigation is available automatically through the Exchange Emergency Mitigation Service (EEMS) or manually by applying Microsoft's mitigation script. Administrators should confirm that the Emergency Mitigation Windows service is running; on servers where EEMS cannot be used, for instance because of air-gap restrictions, the script is the fallback.
Microsoft has disclosed a new security vulnerability affecting on-premises versions of Exchange Server that has come under active exploitation in the wild. Tracked as CVE-2026-42897 (CVSS score: 8.1), it is described as a spoofing bug stemming from a cross-site scripting flaw. The rest of this article covers what is known about the flaw and how to mitigate it.
Microsoft credits an anonymous researcher with discovering and reporting the issue. According to Microsoft, an unauthorized attacker can perform spoofing over a network by sending a crafted email to a user; when the message is opened in Outlook Web Access and subject to other "certain interaction conditions," arbitrary JavaScript can execute in the context of the victim's web browser. Because that script runs in the OWA origin, it can do whatever the victim's browser session is allowed to do there, which is why an email-borne XSS bug is treated as a spoofing issue rather than a cosmetic one.
To mitigate the vulnerability, Microsoft has released a temporary mitigation through its Exchange Emergency Mitigation Service (EEMS). The service applies the mitigation automatically as a URL rewrite configuration and is enabled by default on supported Exchange builds. It does, however, need to reach Microsoft to download the mitigation, so on servers where EEMS cannot be used, for instance because of air-gap restrictions, administrators must apply the mitigation manually with Microsoft's script; on connected servers they should check that the Emergency Mitigation Windows service is present and running.
Users who need more control over the mitigation process can follow Microsoft's manual steps: download the latest version of the Exchange On-premises Mitigation Tool (EOMT) and apply the mitigation either on each server individually or on all servers at once by running the script from an elevated Exchange Management Shell (EMS).
One caveat: when the Exchange Emergency Mitigation Service applies the mitigation via the URL rewrite configuration, it can report a "Mitigation invalid for this exchange version" error. Microsoft says the issue is cosmetic and the mitigation is in place as long as the status is shown as "Applied." Microsoft is investigating how to address the message.
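The checks below are an added example for the procedure described above; they are not code from the original article, from Microsoft, or from EOMT itself. Run from an elevated Exchange Management Shell on each Mailbox server, they answer the three questions an administrator needs before trusting EEMS: is the service running, is automatic mitigation enabled and applied on this server, and can the server reach Microsoft at all (if not, EOMT.ps1 is the fallback). Assumptions are marked in comments: the service name MSExchangeMitigation, the Office Config Service hostname, and the IIS scope in which the rewrite rule lands should be confirmed against Microsoft's documentation for your build. Mitigation IDs are deliberately not hard-coded, since the article does not name them.

```powershell
# Added example (not the article's or Microsoft's own code): EEMS pre-flight check
# for CVE-2026-42897 mitigation. Run in an elevated Exchange Management Shell.

# 1. Is the Emergency Mitigation Windows service installed and running?
#    ASSUMPTION: service name is MSExchangeMitigation
#    (display name "Microsoft Exchange Emergency Mitigation").
$svc = Get-Service -Name MSExchangeMitigation -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning "EEMS service not installed on this build: apply the mitigation with EOMT.ps1."
} elseif ($svc.Status -ne 'Running') {
    Write-Warning "EEMS service is $($svc.Status); starting it."
    Start-Service -Name MSExchangeMitigation
}

# 2. Is automatic mitigation enabled at organization and server level, and which
#    mitigations does this server report as applied or blocked?
$org = Get-OrganizationConfig
Write-Host "Organization MitigationsEnabled: $($org.MitigationsEnabled)"

$local = Get-ExchangeServer -Identity $env:COMPUTERNAME
$local | Format-List Name, AdminDisplayVersion, MitigationsEnabled, MitigationsApplied, MitigationsBlocked

if (-not $local.MitigationsEnabled) {
    # Re-enable automatic mitigation on this server (and org-wide if it was turned off there).
    Set-ExchangeServer -Identity $local.Name -MitigationsEnabled $true
    if (-not $org.MitigationsEnabled) { Set-OrganizationConfig -MitigationsEnabled $true }
}

# 3. EEMS can only pull the mitigation if it can reach the Office Config Service over HTTPS.
#    ASSUMPTION: endpoint is officeclient.microsoft.com:443; confirm for your version.
$reachable = Test-NetConnection -ComputerName officeclient.microsoft.com -Port 443 -InformationLevel Quiet
if (-not $reachable) {
    Write-Warning "Office Config Service unreachable (air-gapped?). EEMS will never receive the rule."
    Write-Warning "Copy EOMT.ps1 from the latest CSS-Exchange release via a connected host, then run it here."
    # Check the parameter set of the version you downloaded before running it:
    #   Get-Help .\EOMT.ps1 -Full
    # Typical invocation on one server:
    #   .\EOMT.ps1
    # To undo the rewrite rule later:
    #   .\EOMT.ps1 -RollbackMitigation
}

# 4. Ground truth: list the IIS URL rewrite rules actually present. If the status reads
#    "Applied", the "Mitigation invalid for this exchange version" message is cosmetic, but the
#    rule itself should still be visible here.
#    ASSUMPTION: the rule is placed under Default Web Site; -Recurse also catches child apps.
Import-Module WebAdministration
Get-WebConfiguration -Filter 'system.webServer/rewrite/rules/rule' `
    -PSPath 'IIS:\Sites\Default Web Site' -Recurse |
    Select-Object name, patternSyntax, stopProcessing, PSPath |
    Format-Table -AutoSize
```

Step 4 is the one that should be repeated after any mitigation run: a server whose Get-ExchangeServer output says the mitigation is applied but whose rewrite rule list is empty has not actually been protected, whatever the status text says.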
In conclusion, this vulnerability has significant implications for organizations that rely on on-premises Exchange Server for email, particularly since it is already being exploited. Users should act immediately: confirm that the Exchange Emergency Mitigation Service has applied the mitigation, or apply it with the script Microsoft provides.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Vulnerability-Thats-Exploiting-Microsoft-Exchange-Server-A-Comprehensive-Analysis-ehn.shtml
https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html
https://nvd.nist.gov/vuln/detail/CVE-2026-42897
https://www.cvedetails.com/cve/CVE-2026-42897/
Published: Fri May 15 02:03:18 2026 by llama3.2 3B Q4_K_M