{"id":248784,"date":"2026-05-18T15:03:00","date_gmt":"2026-05-18T19:03:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/microsoft-confirms-active-0-day-exploit-check-emergency-mitigation\/"},"modified":"2026-05-18T16:55:12","modified_gmt":"2026-05-18T20:55:12","slug":"microsoft-confirms-active-0-day-exploit-check-emergency-mitigation","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/microsoft-confirms-active-0-day-exploit-check-emergency-mitigation\/","title":{"rendered":"Microsoft Confirms Active 0-Day Exploit\u2014Check Emergency Mitigation"},"content":{"rendered":"

Microsoft Confirms Active 0-Day Exploit\u2014Check Emergency Mitigation<\/a><\/p>\n

https:\/\/www.forbes.com\/sites\/daveywinder\/2026\/05\/18\/microsoft-exchange-active-0-day-exploit-enable-emergency-mitigation-now\/<\/a><\/p>\n

Publish Date: 2026-05-18 15:03:00<\/a><\/p>\n

Source Domain: www.forbes.com<\/a><\/p>\n

Microsoft confirms Exchange zero-day, CISA warns it’s under active exploitation.<\/span><\/p>\n

getty<\/p>\n

Updated May 18: This article has been updated to include further details on the emergency mitigation process recommended by Microsoft after the CVE-2026-42897 Exchange Server zero-day was confirmed by the U.S. Cybersecurity and Infrastructure Security Agency as already being actively exploited in the wild by attackers. Alongside this, there is a second update concerning yet another zero-day exposure from an \u2018angry hacker\u2019 who has added to the long list of publicly disclosed vulnerabilities by posting details of a Windows 11 \u2018proof of concept\u2019 exploit that gives an attacker system privileges even when Windows is running fully patched and up to date.. <\/p>\n

It\u2019s been something of a rough few days for Microsoft Exchange on the security vulnerability front. A zero-day being demonstrated at the Pwn2Own Berlin hacking event, which has been responsibly disclosed and not released into the wild. Definitely already out there, and under active exploitation according to the U.S. Cybersecurity and Infrastructure Security Agency, another Exchange zero-day, confirmed by Microsoft on May 14. CISA added the CVE-2026-42897 vulnerability to its Known Exploited Vulnerabilities Catalog on May 15, urging all organizations to prioritize timely remediation as the attack vector poses a significant risk. Here\u2019s what you need to know.<\/p>\n

Forbes<\/span>Microsoft Windows Alert\u2014Angry Hacker Drops 2 New Zero-Day Exploits<\/span>By Davey Winder<\/span><\/span><\/span><\/p>\n

The Microsoft Exchange CVE-2026-42897 Zero-Day Explained<\/h2>\n

Microsoft disclosed CVE-2026-42897 on May 14, describing the zero-day as a Microsoft Exchange Server spoofing vulnerability. Technically speaking, the vulnerability occurs when an improper neutralization of input during web page generation, or a cross-site scripting attack if you prefer, enables an attacker to perform spoofing over the network. All it takes to exploit this is to send a maliciously crafted email, which, when…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Microsoft Confirms Active 0-Day Exploit\u2014Check Emergency Mitigation https:\/\/www.forbes.com\/sites\/daveywinder\/2026\/05\/18\/microsoft-exchange-active-0-day-exploit-enable-emergency-mitigation-now\/ Publish Date: 2026-05-18 15:03:00 Source Domain: www.forbes.com…<\/p>\n","protected":false},"author":1,"featured_media":248786,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imageio.forbes.com\/specials-images\/imageserve\/6a089505605e4fcb2a0a192a\/0x0.jpg?format=jpg&height=900&width=1600&fit=bounds","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[90,96,57,27],"class_list":["post-248784","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cve","tag-hackerexploit","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248784"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=248784"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248784\/revisions"}],"predecessor-version":[{"id":248788,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248784\/revisions\/248788"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/248786"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=248784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=248784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=248784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}