Microsoft has issued a warning about active exploitation of a new zero-day vulnerability in Exchange Server, identified as CVE-2026-42897 with a CVSS score of 8.1. This vulnerability involves improper neutralization of input during web page generation, specifically cross-site scripting, allowing unauthorized attackers to perform spoofing over a network. The flaw affects Outlook Web Access (OWA) and can be exploited through a specially crafted email that executes malicious JavaScript when opened under certain conditions. Despite the active exploitation, Microsoft has not revealed details about the attacks. Temporary mitigation measures have been released, and administrators are urged to apply them promptly to minimize exposure. The vulnerability emerged shortly after Microsoft’s Patch Tuesday, which addressed 138 other vulnerabilities. Exchange Server zero-days are particularly dangerous due to their central role in corporate email systems and their internet-facing nature, making them prime targets for cyber espionage and ransomware campaigns.
Is the Exchange Server zero-day vulnerability being actively exploited?
