Vulnerability | Bleeping Computer
8.1 — CRITICAL
Microsoft warns of Exchange zero-day flaw exploited in attacks
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍Threat Overview
A high-severity zero-day flaw in Microsoft Exchange Server (CVE-2026-42897) was exploited in attacks allowing threat actors to execute arbitrary code via cross-site scripting, targeting Outlook on the web users.
⚙️Technical Details
💥Impact Assessment
Severity: high
🛡️Recommended Actions
1. Enable the Exchange Emergency Mitigation Service (EEMS) on affected servers
2. Apply the latest Exchange on-premises Mitigation Tool (EOMT) version to vulnerable servers
3. Disable OWA Print Calendar functionality and use alternative workarounds until patches are available
📦Affected Products
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019
Microsoft Exchange Server Subscription Edition (SE)
🔐 NVD Verified Data (VERIFIED)
CVE-2026-42897: CVSS 8.1 — HIGH
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Weaknesses: CWE-79
This is a curated summary. The complete article is available at Bleeping Computer.
