Concise Cyber

Microsoft warns of active exploitation of Exchange Server flaw CVE-2026-42897

Microsoft is warning that attackers are actively exploiting CVE-2026-42897, a critical cross-site scripting flaw in on-premises Exchange Server that can let an unauthorized attacker perform spoofing over a network. The issue affects Exchange Server Subscription Edition RTM, Exchange Server 2019, and Exchange Server 2016, while Exchange Online is not impacted.

The bug was flagged by an anonymous researcher and carries a CVSS score of 8.1, according to The Hacker News. Microsoft said an attacker could abuse the flaw by sending a specially crafted email to a target, which, if opened in Outlook Web Access and combined with certain interaction conditions, may allow arbitrary JavaScript to run in the browser context. Both Help Net Security and The Hacker News said Microsoft has tagged the issue with an “Exploitation Detected” assessment.

Microsoft has not shared details about the in-the-wild activity, including who is behind it, who is being targeted, or whether the attacks have been successful. That uncertainty aside, the company says it is working on a permanent fix and plans to release updates for Exchange SE RTM, Exchange 2016 CU23, and Exchange Server 2019 CU14 and CU15, with updates for Exchange 2016 and 2019 limited to customers enrolled in the Period 2 Exchange Server ESU program, Help Net Security reported.

Until a patch arrives, Microsoft is leaning on temporary mitigations through the Exchange Emergency Mitigation Service, which is enabled by default and can apply the mitigation automatically. If that service is not available, Microsoft also pointed to the Exchange on-premises Mitigation Tool, or EOMT, which can be run manually on affected servers. The Hacker News said Microsoft noted the mitigation is delivered through a URL rewrite configuration and described one cosmetic issue where the tool may display “Mitigation invalid for this exchange version” even when the status shows as applied.
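As an added defender-side example (not code from the article, from Microsoft, or from either cited outlet), the script below inventories Exchange Emergency Mitigation Service state on every on-premises server so an administrator can see which hosts will receive the automatic mitigation and which need EOMT run by hand. It assumes the Exchange Management Shell, the server-level MitigationsEnabled/MitigationsApplied/MitigationsBlocked properties as documented for EEMS, and a placeholder mitigation ID, since the article does not give Microsoft's ID for this flaw.

```powershell
# Added example, not code from the article or from Microsoft.
# Reports EEMS status per on-premises Exchange server and flags hosts where
# the mitigation for CVE-2026-42897 has not been applied automatically.
# Assumptions: run inside the Exchange Management Shell; the Mitigations*
# properties are the ones documented for EEMS; the mitigation ID is a
# placeholder because the article does not state it.

$MitigationId = 'PLACEHOLDER-MITIGATION-ID'   # replace with Microsoft's published ID

function Get-EemsMitigationStatus {
    param([string]$TargetMitigationId)

    # Org-wide switch: if this is off, no server will auto-apply anything.
    $orgEnabled = (Get-OrganizationConfig).MitigationsEnabled

    # Edge Transport servers do not run OWA and are skipped here.
    Get-ExchangeServer | Where-Object { $_.ServerRole -notlike '*Edge*' } | ForEach-Object {
        $applied   = @($_.MitigationsApplied)
        $blocked   = @($_.MitigationsBlocked)
        $hasTarget = $applied -contains $TargetMitigationId
        [pscustomobject]@{
            Server          = $_.Name
            Version         = $_.AdminDisplayVersion
            OrgEnabled      = $orgEnabled
            ServerEnabled   = $_.MitigationsEnabled
            TargetApplied   = $hasTarget
            TargetBlocked   = ($blocked -contains $TargetMitigationId)
            # Manual EOMT run is needed wherever EEMS cannot or did not apply it.
            NeedsManualEomt = (-not $orgEnabled) -or (-not $_.MitigationsEnabled) -or (-not $hasTarget)
        }
    }
}

$report = Get-EemsMitigationStatus -TargetMitigationId $MitigationId
$report | Format-Table -AutoSize

# Surface the servers that still need attention after EEMS has had its say.
$report | Where-Object NeedsManualEomt | ForEach-Object {
    Write-Warning "$($_.Server): mitigation $MitigationId not applied by EEMS; run EOMT manually and re-check."
}
```

Re-run the report after EOMT finishes; the article notes the tool may print "Mitigation invalid for this exchange version" even when the status shows as applied, so trust the applied status rather than that message.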

The disclosure adds to a busy stretch for Exchange administrators, but the immediate focus is narrow: Microsoft says this flaw is already being used in attacks, and the company is still preparing the permanent update. For now, organizations running impacted on-premises versions are on notice that the exposure is live, not theoretical.
