Microsoft Exchange Server Zero-Day Vulnerability Exploited in Attacks


Microsoft Warns of Critical Exchange Vulnerability Exploited in Attacks

The tech giant has issued a warning about a high-severity vulnerability in its Exchange Server software, which allows attackers to execute arbitrary code via cross-site scripting (XSS). This weakness affects up-to-date versions of Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE).

Affected Systems and Threats

  • Exchange Server 2016
  • Exchange Server 2019
  • Exchange Server Subscription Edition (SE)

The vulnerability, identified as CVE-2026-42897, enables an attacker to send a specially crafted email to a user. When the user opens the email in Outlook Web Access and meets specific interaction conditions, arbitrary JavaScript can be executed in the browser context.

Mitigation Options

To address this issue, Microsoft recommends enabling the Exchange Emergency Mitigation Service (EEMS), which provides automatic mitigation for affected systems. EEMS is a Windows service that runs on Exchange Mailbox servers and applies interim mitigations for high-risk vulnerabilities.
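A read-only check that EEMS is switched on and has applied mitigations on each non-Edge server, added here as an example; it is not code from Microsoft or from the original article. It assumes it is run from the Exchange Management Shell with rights to query services remotely, and that the EEMS Windows service is named MSExchangeMitigation; the variable names are illustrative.

```powershell
# Added example: audit EEMS state across the organization.
# Read-only: it changes no configuration.

# Organization-wide switch; when $false, no server applies mitigations.
$orgEnabled = (Get-OrganizationConfig).MitigationsEnabled

$report = Get-ExchangeServer |
    Where-Object { $_.ServerRole -ne 'Edge' } |
    ForEach-Object {
        $server = $_
        # Windows service behind EEMS (assumed name: MSExchangeMitigation).
        $svc = Get-Service -ComputerName $server.Name `
                           -Name 'MSExchangeMitigation' `
                           -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Server        = $server.Name
            OrgEnabled    = $orgEnabled
            ServerEnabled = $server.MitigationsEnabled
            ServiceStatus = if ($svc) { $svc.Status } else { 'NotFound' }
            # IDs of mitigations EEMS has applied / an admin has blocked.
            Applied       = ($server.MitigationsApplied -join ', ')
            Blocked       = ($server.MitigationsBlocked -join ', ')
        }
    }

$report | Format-Table -AutoSize -Wrap

# Servers where automatic mitigation cannot be relied on:
# disabled at org or server level, service not running, or nothing applied.
$gaps = $report | Where-Object {
    -not $_.OrgEnabled -or
    -not $_.ServerEnabled -or
    $_.ServiceStatus -ne 'Running' -or
    -not $_.Applied
}

if ($gaps) {
    Write-Warning ('EEMS not effective on: ' + ($gaps.Server -join ', '))
}
```

Servers flagged by the warning are the ones where the manual mitigation or a direct fix matters most, since EEMS is not protecting them.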

According to Microsoft, “Administrators can also use PowerShell scripts to apply the mitigation manually. For instance, administrators can run the following command on individual servers: .\EOMT.ps1 -CVE "CVE-2026-42897" or on all servers: Get-ExchangeServer | Where-Object { $_.ServerRole -ne "Edge" } | .\EOMT.ps1 -CVE "CVE-2026-42897".”

Microsoft plans to release patches for Exchange SE RTM, Exchange 2016 CU23, and Exchange Server 2019 CU14 and CU15. However, updates for Exchange 2016 and 2019 will only be available to customers enrolled in the Period 2 Exchange Server ESU program.

Additional Guidance

In related news, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released guidance to help IT administrators harden Microsoft Exchange servers against attacks. The guidance emphasizes the importance of implementing robust security measures to prevent exploitation of vulnerabilities like CVE-2026-42897.

The vulnerability highlights the ongoing threat posed by sophisticated attacks on organizations’ networks and email systems. As such, it is essential for organizations to stay vigilant and implement robust security measures to protect themselves against emerging threats.


