Back

Active Exploitation of CVE-2026-42897 in Microsoft Exchange Server

Severity: High (Score: 69.9)

Sources: msrc.microsoft.com, Petri, Infosecurity-Magazine, www.securityweek.com, aka.ms

Summary

Microsoft has disclosed a critical vulnerability, CVE-2026-42897, affecting on-premises Exchange Server versions 2016, 2019, and Subscription Edition. This zero-day flaw allows attackers to execute arbitrary JavaScript via specially crafted emails opened in Outlook Web Access (OWA), with a CVSS score of 8.1. Active exploitation of this vulnerability has been confirmed, prompting Microsoft to recommend immediate mitigation measures. The Exchange Emergency Mitigation Service (EEMS) is available for automatic protection, while the Exchange On-premises Mitigation Tool (EOMT) can be used in air-gapped environments. No patches are currently available, and the vulnerability does not affect Exchange Online. Organizations are advised to enable EEMS or apply EOMT to reduce exposure until a permanent fix is released. Microsoft plans to provide updates for affected Exchange versions, but only for customers enrolled in the Extended Security Update (ESU) program. Key Points: • CVE-2026-42897 is a critical vulnerability in Microsoft Exchange Server with active exploitation. • Attackers can execute arbitrary JavaScript in victims' browsers via crafted emails in OWA. • Immediate mitigations include enabling the Exchange Emergency Mitigation Service or using EOMT.

Key Entities

  • Malware (attack_type)
  • Phishing (attack_type)
  • Zero-day Exploit (attack_type)
  • XSS (vulnerability)
  • ProxyLogon (vulnerability)
  • ProxyShell (vulnerability)
  • Microsoft (company)
  • NHS England (company)
  • Outlook (company)
  • CVE-2026-42897 (cve)
  • Cwe-79 - Cross-site Scripting (xss) (cwe)
  • onmsft.com (domain)
  • T1059.001 - PowerShell (mitre_attack)
  • T1059.007 - JavaScript (mitre_attack)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • Exchange Online (platform)
  • Exchange Server (platform)
  • Microsoft Exchange Server (platform)
  • Outlook Web Access (platform)
  • Windows (platform)
  • EOMT.ps1 (tool)
  • EOMTv2.ps1 (tool)
  • Exchange Management Shell (tool)
  • IIS URL Rewrite (tool)
  • Microsoft Safety Scanner (tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed