{"id":248519,"date":"2026-05-15T02:19:00","date_gmt":"2026-05-15T06:19:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/15\/on-prem-microsoft-exchange-server-cve-2026-42897-exploited-via-crafted-email\/"},"modified":"2026-05-18T12:05:10","modified_gmt":"2026-05-18T16:05:10","slug":"on-prem-microsoft-exchange-server-cve-2026-42897-exploited-via-crafted-email","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/15\/on-prem-microsoft-exchange-server-cve-2026-42897-exploited-via-crafted-email\/","title":{"rendered":"On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/on-prem-microsoft-exchange-server-cve.html\">On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/on-prem-microsoft-exchange-server-cve.html\">https:\/\/thehackernews.com\/2026\/05\/on-prem-microsoft-exchange-server-cve.html<\/a><\/p>\n<p>Publish Date: 2026-05-15 02:19:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span> <span class=\"author\">May 15, 2026<\/span><\/span><span class=\"p-tags\">Microsoft \/ Vulnerability<\/span><\/p>\n<p>Microsoft has disclosed a new security vulnerability impacting on-premises versions of Exchange Server that it said has come under active exploitation in the wild.<\/p>\n<p>The vulnerability, tracked as <strong>CVE-2026-42897<\/strong> (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. 
An anonymous researcher has been credited with discovering and reporting the issue.<\/p>\n<p>&#8220;Improper neutralization of input during web page generation (&#8216;cross-site scripting&#8217;) in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network,&#8221; the tech giant said in a Thursday advisory.<\/p>\n<p>Microsoft, which tagged the vulnerability with an &#8220;Exploitation Detected&#8221; assessment, said an attacker could weaponize it by sending a crafted email to a user, which, when opened in Outlook Web Access and subject to other &#8220;certain interaction conditions,&#8221; can allow arbitrary JavaScript code to be executed in the context of the web browser.<\/p>\n<p>Redmond also noted that it&#8217;s providing a temporary mitigation through its Exchange Emergency Mitigation Service, while it&#8217;s readying a permanent fix for the security defect.<\/p>\n<p>The Exchange Emergency Mitigation Service will provide the mitigation automatically via a URL rewrite configuration, and is enabled by default. If it&#8217;s not on, users are advised to enable the Windows service.<\/p>\n<p>According to Microsoft, Exchange Online is not impacted by this vulnerability. 
The following on-premises Exchange Server versions are affected &#8211;<\/p>\n<ul>\n<li>Exchange Server 2016 (any update level)<\/li>\n<li>Exchange Server 2019 (any update level)<\/li>\n<li>Exchange Server Subscription Edition (SE) (any update level)<\/li>\n<\/ul>\n<p>If using the Exchange Emergency Mitigation Service is not an option due to air-gap restrictions, the company has outlined the following series of actions &#8211;<\/p>\n<ul>\n<li>Download the latest version of the Exchange on-premises Mitigation Tool (EOMT) from aka[.]ms\/UnifiedEOMT.<\/li>\n<li>Apply the mitigation on a per-server&#8230;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/on-prem-microsoft-exchange-server-cve.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email https:\/\/thehackernews.com\/2026\/05\/on-prem-microsoft-exchange-server-cve.html Publish Date: 2026-05-15 02:19:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":248521,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirN79ZRjEd5wnVbOTlJJsWjQ54cwSj2bM5NDzBSgAFO8f_9LrlIwQRI0ZogQX42iejmhgc1n2YcA91pFrVqtqNKKyAIXblcQ1Yx9LTs1TeNDbNN6JMUBXCKDK1W0IwnwvYl1dhQmcyTPHwakckKT_Kc9fAUDAJRj94g2pENrjy4UyTCCniOXI2rO-q66PC\/s1600\/Microsoft-Exchange.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[27],"class_list":["post-248519","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248519"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href"
:"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=248519"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248519\/revisions"}],"predecessor-version":[{"id":248523,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248519\/revisions\/248523"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/248521"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=248519"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=248519"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=248519"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}