Critical Microsoft Exchange Server Vulnerability Exploited in Attacks
Severity: High (Score: 69.9)
Sources: techcommunity.microsoft.com, Digital.Nhs.Uk, Neowin, Bleepingcomputer, www.cve.org
Summary
Microsoft has issued a warning regarding a critical vulnerability in Exchange Server, tracked as CVE-2026-42897, which allows attackers to execute arbitrary JavaScript code via specially crafted emails opened in Outlook Web Access. This spoofing vulnerability affects Exchange Server 2016, 2019, and Subscription Edition, and is currently being exploited in the wild. Microsoft has provided mitigations through the Exchange Emergency Mitigation Service (EEMS), which should be enabled to protect against this flaw. However, no permanent patches are available yet, and updates will only be provided to customers enrolled in the Extended Security Updates (ESU) program. The vulnerability has a CVSS score of 8.1, indicating a high severity level. Administrators are urged to take immediate action to mitigate the risk until a robust fix is released.
Key Points:
- CVE-2026-42897 is a critical vulnerability in Exchange Server actively exploited in attacks.
- Attackers can execute arbitrary JavaScript by sending crafted emails to Outlook Web Access users.
- Microsoft recommends enabling the Exchange Emergency Mitigation Service for immediate protection.
Key Entities
- Phishing (attack_type)
- Zero-day Exploit (attack_type)
- XSS (vulnerability)
- ProxyLogon (vulnerability)
- ProxyShell (vulnerability)
- Microsoft (company)
- NHS England (company)
- CVE-2026-42897 (cve)
- CWE-79 - Cross-Site Scripting (XSS) (cwe)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- T1566 - Phishing (mitre_attack)
- Exchange Online (platform)
- Exchange Server (platform)
- Microsoft Exchange Server (platform)
- Outlook Web Access (platform)
- Windows (platform)