Neowin
Active Exploitation of CVE-2026-42897 in Microsoft Exchange Server
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Microsoft has disclosed a critical vulnerability, CVE-2026-42897, affecting on-premises Exchange Server versions 2016, 2019, and Subscription Edition. This zero-day flaw allows attackers to execute arbitrary JavaScript via specially crafted emails opened in Outlook Web Access (OWA), with a CVSS score of 8.1. Active exploitation of this vulnerability has been confirmed, prompting Microsoft to recommend immediate mitigation measures. The Exchange Emergency Mitigation Service (EEMS) is available for automatic protection, while the Exchange On-premises Mitigation Tool (EOMT) can be used in air-gapped environments. No patches are currently available, and the vulnerability does not affect Exchange Online. Organizations are advised to enable EEMS or apply EOMT to reduce exposure until a permanent fix is released. Microsoft plans to provide updates for affected Exchange versions, but only for customers enrolled in the Extended Security Update (ESU) program.
Key Points: • CVE-2026-42897 is a critical vulnerability in Microsoft Exchange Server with active exploitation. • Attackers can execute arbitrary JavaScript in victims' browsers via crafted emails in OWA. • Immediate mitigations include enabling the Exchange Emergency Mitigation Service or using EOMT.