Critical Microsoft Exchange Server Vulnerability Actively Exploited in Attacks
By Abinaya
May 15, 2026
Microsoft issued an urgent security alert regarding a newly discovered vulnerability in Exchange Server that is currently being exploited in the wild.
Tracked as CVE-2026-42897, this critical spoofing flaw carries a high CVSS 3.1 severity score of 8.1 and directly impacts on-premises email infrastructure.
Threat actors are actively exploiting this network-based weakness to compromise organizational systems before a permanent patch is finalized.
Analysts have confirmed that the vulnerability lies in the Exchange Outlook Web Access (OWA) service.
Because the flaw is already being used in active campaigns, administrators are urged to apply the temporary mitigation immediately.
Only on-premises deployments are affected; organizations on Exchange Online are not exposed to this flaw.
Microsoft Exchange Server Flaw Exploited
The underlying weakness is improper neutralization of input during web page generation, the bug class commonly known as cross-site scripting (XSS).
An unauthorized attacker can exploit it by sending a specially crafted email to a targeted user.
If the recipient opens the message in Outlook Web Access and the required user interaction occurs, the payload executes arbitrary JavaScript in the user's browser, within that user's OWA session.
Security researchers note that this is why the impact is classified as spoofing: the script runs as the signed-in user, so the attacker needs no credentials or administrative privileges beforehand.
The vulnerability affects Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition, at all update levels.
Low attack complexity over the network makes this an effective tool for hijacking user sessions or tampering with data in the victim's browser.
[Image: warning displayed in the mitigation details (source: Microsoft)]
While a permanent security update is still in development and testing, Microsoft has published a temporary safeguard through the Exchange Emergency Mitigation Service (EEMS).
Where EEMS, which is enabled by default, is running and can reach Microsoft's mitigation endpoint, the mitigation identified as M2.1.x is applied automatically.
Administrators of disconnected or air-gapped networks must instead download the latest Exchange On-premises Mitigation Tool (EOMT) script and run it from an elevated Exchange Management Shell to get the same protection.
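The following PowerShell is added here as a worked example; it is not code from the article or from Microsoft. Run from an elevated Exchange Management Shell, it checks the state the preceding paragraphs describe: whether EEMS is enabled at the organization and server level, whether the Emergency Mitigation service is running on each server, and whether any applied mitigation carries the "M2.1" prefix the article reports as M2.1.x. That prefix match is an assumption, since the article does not give the full identifier; the MitigationsEnabled, MitigationsApplied and MitigationsBlocked properties, and the MSExchangeMitigation service name, are the ones Microsoft ships with EEMS.

```powershell
# Added example, not from the article or Microsoft: report EEMS state and
# whether the expected mitigation has been applied on every mailbox server.
# Run in an elevated Exchange Management Shell (Windows PowerShell 5.1).
param(
    # The article gives the identifier only as "M2.1.x"; matching on the
    # "M2.1" prefix is an assumption about the final name.
    [string]$MitigationPrefix = 'M2.1'
)

# Organization-wide switch: if this is $false, no server applies mitigations.
$orgEnabled = (Get-OrganizationConfig).MitigationsEnabled
if (-not $orgEnabled) {
    Write-Warning 'EEMS is disabled at the organization level (Get-OrganizationConfig MitigationsEnabled = $false).'
}

# Edge Transport servers do not host OWA, so they are skipped.
$servers = Get-ExchangeServer | Where-Object { $_.ServerRole -ne 'Edge' }

$report = foreach ($srv in $servers) {
    $applied   = @($srv.MitigationsApplied)
    $blocked   = @($srv.MitigationsBlocked)
    $hasTarget = @($applied | Where-Object { $_ -like "$MitigationPrefix*" }).Count -gt 0

    # The Emergency Mitigation Windows service must be running for automatic
    # application. -ComputerName works in Windows PowerShell 5.1, which EMS uses.
    $svc = Get-Service -ComputerName $srv.Name -Name 'MSExchangeMitigation' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Server              = $srv.Name
        AdminDisplayVersion = $srv.AdminDisplayVersion
        EEMSEnabled         = [bool]$srv.MitigationsEnabled
        EEMSService         = if ($svc) { $svc.Status.ToString() } else { 'NotFound' }
        MitigationsApplied  = ($applied -join ', ')
        MitigationsBlocked  = ($blocked -join ', ')
        TargetApplied       = $hasTarget
    }
}

$report | Format-Table -AutoSize

# Servers that need manual attention: EEMS off, service not running, or the
# expected mitigation absent (typically air-gapped hosts that need EOMT).
$needsAction = $report | Where-Object {
    -not $orgEnabled -or -not $_.EEMSEnabled -or $_.EEMSService -ne 'Running' -or -not $_.TargetApplied
}

if ($needsAction) {
    Write-Warning 'The following servers do not show the mitigation as applied automatically:'
    $needsAction | Select-Object Server, EEMSEnabled, EEMSService, TargetApplied | Format-Table -AutoSize
    Write-Warning 'Confirm outbound HTTPS access to https://officeclient.microsoft.com/GetExchangeMitigations, or apply the latest EOMT script manually on these hosts.'
}
else {
    Write-Host "All $($report.Count) servers report a mitigation matching '$MitigationPrefix*' as applied."
}
```

A non-empty MitigationsBlocked column on a server is worth investigating on its own: it means an administrator has explicitly excluded that mitigation, so EEMS will not apply it even when the service is healthy.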
Implementing this emergency mitigation introduces minor operational side effects that IT teams must manage.
Microsoft documentation indicates that the Outlook Web Access Print Calendar functionality may stop working properly, requiring users to rely on the desktop client or take manual screenshots.
Furthermore, inline images might not display correctly within the reading pane, prompting workarounds such as sending images as direct attachments.
Despite these cosmetic and functional disruptions, the security community strongly advises organizations to keep the mitigation active.
Microsoft is finalizing a permanent security update that meets its release quality bar.
Once released, the update will be publicly available for Exchange Server Subscription Edition.
However, permanent updates for older versions, such as Exchange 2016 and 2019, will be provided only to customers who are actively enrolled in the Period 2 Exchange Server Extended Security Update program.
Organizations relying on older cumulative updates are strongly encouraged to upgrade their infrastructure immediately to ensure compatibility with the final patch when it is deployed.
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.