Microsoft issued an urgent security alert regarding a newly discovered vulnerability in Exchange Server<\/a> that is currently being exploited in the wild.<\/p>\n Tracked as CVE-2026-42897, this critical spoofing flaw carries a high CVSS 3.1 severity score of 8.1 and directly impacts on-premises email infrastructure.<\/p>\n Threat actors are actively exploiting this network-based weakness to compromise organizational systems before a permanent patch is finalized.<\/p>\n Cybersecurity analysts have confirmed that the vulnerability specifically targets the Microsoft Exchange Outlook Web Access service.<\/p>\n Because the flaw is already being utilized in active campaigns, system administrators are urged to apply temporary defensive measures immediately.<\/p>\n The security risk is entirely focused on on-premises deployments, meaning organizations using cloud-based Microsoft Exchange Online remain completely unaffected by this threat vector.<\/p>\n The technical foundation of this cyberattack relies on improper input neutralization during web page generation, which is commonly classified as a cross-site scripting<\/a> weakness.<\/p>\n An unauthorized attacker can exploit this issue by sending a specially crafted email directly to a targeted user.<\/p>\n If the recipient opens the malicious message in Outlook<\/a> Web Access and meets certain interaction conditions, the payload allows arbitrary JavaScript to execute seamlessly in the user\u2019s browser.<\/p>\n Security researchers note that this execution path effectively enables network-level spoofing without requiring prior administrative privileges.<\/p>\n The vulnerability impacts several major iterations of the platform, specifically affecting Exchange Server 2016, Exchange Server 2019, and the Exchange Server Subscription Edition across all update levels.<\/p>\n The low attack complexity combined with a network-based execution model makes this a highly effective tool for threat actors attempting to hijack user sessions or manipulate local browser data.<\/p>\n While a permanent security update is currently undergoing development and testing, Microsoft has deployed a temporary safeguard through the automated Exchange Emergency Mitigation Service.<\/p>\n For organizations with this default service enabled, the specific mitigation identified as M2.1.x is automatically applied to protect vulnerable environments.<\/p>\n Administrators operating in disconnected or air-gapped networks must manually download and execute the latest Exchange on-premises Mitigation Tool script via an elevated management shell to achieve this necessary protection.<\/p>\n Implementing this emergency mitigation introduces minor operational side effects that IT teams must manage.<\/p>\n Microsoft documentation indicates <\/a>that the Outlook Web Access Print Calendar functionality may stop working properly, requiring users to rely on the desktop client or take manual screenshots.<\/p>\n Furthermore, inline images might not display correctly within the reading pane, prompting workarounds such as sending images as direct attachments.<\/p>\n Despite these cosmetic and functional disruptions, the security community strongly advises<\/a> organizations to keep the mitigation active.<\/p>\n Microsoft software engineers are actively finalizing a permanent official fix that meets their quality assurance standards.<\/p>\n Once released, the security update will be made publicly available for the Exchange Server Subscription Edition.<\/p>\n However, permanent updates for older versions, such as Exchange 2016 and 2019, will be provided only to customers who are actively enrolled in the Period 2 Exchange Server Extended Security Update program.<\/p>\n Organizations relying on older cumulative updates are strongly encouraged to upgrade their infrastructure immediately to ensure compatibility with the final patch when it is deployed.<\/p>\n Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates.<\/strong><\/p>\n The post Critical Microsoft Exchange Server Vulnerability Actively Exploited in Attacks<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nMicrosoft Exchange Server Flaw Exploited<\/strong><\/h2>\n
![\"warning](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjxciBDXTm-l30zx1dwjnrrlSCERIeIIxTCCJ3I8NtQtcjFz2g-Jye8bT-LGlN4iTtQIKdqh3DfqcMubRuGDxwAkRzYigza1u2vp_AYDq0_taBaTbBGktLvBjSxWaewRjxDAEmbVlhdcKeJc92vNq3VISoEhQIoMtJ6A7IEO9nvMtdXodOcVse2HGWw988\/s1600\/Screenshot%25202026-05-15%2520115549%2520%25281%2529.webp?ssl=1\")