Microsoft Confirms Active 0-Day Exploit—Check Emergency Mitigation Now
Microsoft said Exchange Emergency Mitigation Service will automatically protect on-premises servers while permanent fixes are still pending.
- On Thursday, Microsoft released mitigations for CVE-2026-42897, a high-severity Exchange Server spoofing vulnerability that allows attackers to execute arbitrary JavaScript in Outlook Web Access via specially crafted emails.
- The vulnerability affects up-to-date Exchange Server and Exchange Server Subscription Edition software. The Exchange Team stated, "An attacker could exploit this issue by sending a specially crafted email to a user."
- Organizations should enable the Exchange Emergency Mitigation Service for automatic protection, while Admins with air-gapped servers can apply mitigations manually using the Mitigation Tool via the Exchange Management Shell with specific commands for all servers.
- Applying these measures causes issues, including broken OWA Print Calendar functionality and display problems for inline images, while Microsoft plans future patches requiring enrollment in the Period Exchange Server ESU program for older releases.
- EEMS was introduced in September 2021 to provide automated protection against high-risk threats following massive attacks involving ProxyLogon and ProxyShell; CISA and the National Security Agency released guidance to help Admins harden Microsoft Exchange servers after support ended.
16 Articles
Exploited Exchange Server flaw turns OWA inboxes into script launchpads
Microsoft has confirmed a vulnerability in on-premises Exchange Server that could result in surprise script execution in victims' browsers. Tracked as CVE-2026-42897, the flaw affects Outlook Web Access (OWA) and can be triggered by a specially crafted email opened in OWA, assuming "certain interaction conditions are met." The prize for attackers is arbitrary JavaScript execution in the mark's browser context. The advisory describes the flaw as …
Microsoft warns of Exchange zero-day flaw exploited in attacks
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users.
In Microsoft's Exchange there is a zero-day vulnerability that attackers are already exploiting. Admins should act quickly.
A critical vulnerability currently threatens numerous on-premises Exchange servers. Attackers can execute malicious code via crafted emails. A final patch is still missing, which confronts IT managers with difficult decisions.
Microsoft has confirmed active exploitation of the CVE-2026-42897 vulnerability in Exchange Server, placing administrators and security teams on alert. The flaw, classified as a zero-day, is already being used in real attacks even before a definitive patch is available. The problem affects on-premises Exchange Server environments and allows attacks involving Outlook Web Access (OWA) through a Cross-Site Scripting (XSS) vulnerability…

Coverage Details
Bias Distribution
- 100% of the sources are Center