Skip to content
Tech News
← Back to articles

Microsoft warns of Exchange zero-day flaw exploited in attacks

2026-05-15 | original
read original get Microsoft Exchange Security Patch → more articles
Why This Matters

Microsoft has issued warnings about a critical Exchange Server zero-day vulnerability (CVE-2026-42897) that is actively being exploited, allowing attackers to execute arbitrary code via cross-site scripting in Outlook on the web. While a permanent fix is pending, the Exchange Emergency Mitigation Service offers immediate automated protection, emphasizing the importance of timely security measures for organizations relying on Exchange Server. This highlights the ongoing risks and the need for proactive defense strategies in enterprise email infrastructure.

Key Takeaways

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users.

Microsoft describes this security flaw (CVE-2026-42897) as a spoofing vulnerability affecting up-to-date Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE) software.

While patches aren't yet available to permanently fix the vulnerability, the company added that the Exchange Emergency Mitigation Service (EEMS) will provide automatic mitigation for Exchange Server 2016, 2019, and SE on-premises servers.

"An attacker could exploit this issue by sending a specially crafted email to a user. If the user opens the email in Outlook Web Access and certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context," the Exchange Team said.

"Using EM Service is the best way for your organization to mitigate this vulnerability right away. If you have EM Service currently disabled, we recommend you enable it right away. Please note that EM Service will not be able to check for new mitigations if your server is running Exchange Server version older than March 2023."

EEMS was introduced in September 2021 to provide automated protection for on-premises Exchange servers, securing them against ongoing attacks by applying interim mitigations for high-risk (and likely actively exploited) vulnerabilities.

EEMS runs as a Windows service on Exchange Mailbox servers and is automatically enabled on servers with the Mailbox role. The security feature was added after many hacking groups exploited ProxyLogon and ProxyShell zero-days (which lacked patches or mitigation information) to breach Internet-exposed Exchange servers.

Admins with servers in air-gapped environments can also mitigate the flaw by downloading the latest Exchange on-premises Mitigation Tool (EOMT) version and applying the mitigation by running the script via an elevated Exchange Management Shell (EMS) with one of the following commands:

Single server: .\EOMT.ps1 -CVE "CVE-2026-42897"

All servers: Get-ExchangeServer | Where-Object { $_.ServerRole -ne "Edge" } | .\EOMT.ps1 -CVE "CVE-2026-42897"

... continue reading

Explore topics: exchange server microsoft cve-2026-42897 outlook web access exchange emergency mitigation
Related:
Microsoft to automatically roll back faulty Windows drivers
What the jury will actually decide in the case of Elon Musk vs. Sam Altman
Microsoft Copilot Can Collect Data From Your Edge Browser Tabs to Get to Know You
Xbox Elite Controller 3 leaked by Brazilian regulator
WinUI 3 Performance: A Leap Forward

© 2026 GoKawiil

About | Editorial Policy | Contact