Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Espionage

June 25, 2026

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

June 24, 2026

Researchers Trick AI Browsers Into Leaking Credentials

June 24, 2026
Facebook X (Twitter) Instagram
Thursday, June 25
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
News

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Team-CWDBy Team-CWDMay 23, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue.

“Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network,” the tech giant said in a Thursday advisory.

Microsoft, which tagged the vulnerability with an “Exploitation Detected” assessment, said an attacker could weaponize it by sending a crafted email to a user, which, when opened in Outlook Web Access and subject to other “certain interaction conditions,” can allow arbitrary JavaScript code to be executed in the context of the web browser.

Redmond also noted that it’s providing a temporary mitigation through its Exchange Emergency Mitigation Service, while it’s readying a permanent fix for the security defect.

The Exchange Emergency Mitigation Service will provide the mitigation automatically via a URL rewrite configuration, and is enabled by default. If it’s not on, users are advised to enable the Windows service.

According to Microsoft, Exchange Online is not impacted by this vulnerability. The following on-premises Exchange Server versions are affected –

  • Exchange Server 2016 (any update level)
  • Exchange Server 2019 (any update level)
  • Exchange Server Subscription Edition (SE) (any update level)

If using the Exchange Emergency Mitigation Service is not an option due to air-gap restrictions, the company has outlined the following series of actions –

  • Download the latest version of the Exchange on-premises Mitigation Tool (EOMT) from aka[.]ms/UnifiedEOMT.
  • Apply the mitigation on a per-server basis or on all servers at once by running the script via an elevated Exchange Management Shell (EMS):
    • Single server: .EOMT.ps1 -CVE “CVE-2026-42897”
    • All servers: Get-ExchangeServer | Where-Object { $_.ServerRole -ne “Edge” } | .EOMT.ps1 -CVE “CVE-2026-42897”

Microsoft said it’s also aware of a known issue where the mitigation shows the “Mitigation invalid for this exchange version.” in the Description field. “This issue is cosmetic and the mitigation DOES apply successfully if the status is shown as ‘Applied,'” the Exchange Team said. “We are investigating on how to address this.”

There are currently no details on how the vulnerability is being exploited, the identity of the threat actor behind the activity, or the scale of such efforts. It’s also unclear who the targets are and if any of those attacks were successful. In the interim, it’s recommended to apply the mitigations recommended by Microsoft.

Update

The U.S.Cybersecurity and Infrastructure Security Agency (CISA), on May 15, 2026, added CVE-2026-42897 Mi to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary mitigations by May 29, 2026.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleCisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Next Article What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
Team-CWD
  • Website

Related Posts

News

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

June 24, 2026
News

Researchers Trick AI Browsers Into Leaking Credentials

June 24, 2026
News

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

June 24, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Scams target soccer fans with fake World Cup tickets, merchandise

May 22, 2026

Is it time for internet services to adopt identity verification?

January 14, 2026

Chronology of a Skype attack

February 5, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.