Do you use Microsoft Exchange? Hackers are actively exploiting a new zero-day flaw
A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts sounding the alarm. On Thursday, Microsoft announced mitigations for a high-security Exchange Server vulnerability that’s being actively exploited by hackers. All an attacker needs to do is send a specially crafted email that, when opened through Outlook Web Access, can execute arbitrary code within the user’s browser.
Microsoft’s called this security flaw (tracked as CVE-2026-42897) a spoofing vulnerability affecting fully updated versions of Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE).
“An attacker could exploit this issue by sending a specially crafted email to a user. If the user opens the email in Outlook Web Access and certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context,” the Exchange Team said.
Latest Videos From
Although security patches are not yet available, Microsoft said the Exchange Emergency Mitigation Service (EEMS) can provide automatic mitigation for Exchange Server 2016, 2019, and SE on-premises servers.
“Using EM Service is the best way for your organization to mitigate this vulnerability right away. If you have EM Service currently disabled, we recommend you enable it right away. Please note that EM Service will not be able to check for new mitigations if your server is running Exchange Server version older than March 2023,” per the Exchange Team.
To check the status of the Exchange Emergency Mitigation Service, organizations should follow Microsoft’s instructions on running the Exchange Health Checker script.
May has been one hell of a month for Microsoft’s security team. In the last week alone, Microsoft’s fixed over 130 vulnerabilities as part of its Patch Tuesday cycle, many of which are driven by a new AI-powered bug-hunting system codenamed MDASH (Multi-model Agentic Scanning Harness).
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
