Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical Fluentd Vulnerabilities Allow Remote Code Execution
July 1, 2026
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Critical Adobe ColdFusion Vulnerabilities Let Attackers Run Code
July 1, 2026
Home/Vulnerabilities/Critical Microsoft Exchange Server RCE Vulnerability Under Active Attack CVE-2023-21529
Vulnerabilities

Critical Microsoft Exchange Server RCE Vulnerability Under Active Attack CVE-2023-21529

Key Takeaways A critical spoofing vulnerability, CVE-2026-42897, in Microsoft Exchange Server is under active exploitation. The flaw specifically impacts on-premises versions of Exchange Server 2016,...

Sarah simpson
Sarah simpson
May 15, 2026 4 Min Read
45 0

Key Takeaways

  • A critical spoofing vulnerability, CVE-2026-42897, in Microsoft Exchange Server is under active exploitation.
  • The flaw specifically impacts on-premises versions of Exchange Server 2016, 2019, and Subscription Edition.
  • The vulnerability has a CVSS 3.1 score of 8.1 and allows for arbitrary JavaScript execution via crafted emails in Outlook Web Access.
  • Microsoft has released an emergency mitigation (M2.1.x) through the Exchange Emergency Mitigation Service, with a permanent patch in development.
  • Cloud-based Microsoft Exchange Online is not affected.

Microsoft Exchange Server Under Attack: Critical Spoofing Flaw Exploited In The Wild

Microsoft has issued an urgent security alert concerning a newly identified vulnerability within its Exchange Server platform, which is actively being exploited by threat actors. This critical spoofing flaw, designated CVE-2026-42897, carries a severe CVSS 3.1 rating of 8.1 and poses a significant risk to organizations utilizing on-premises Exchange infrastructure.

Table Of Content

  • Key Takeaways
  • Microsoft Exchange Server Under Attack: Critical Spoofing Flaw Exploited In The Wild
  • Technical Details of the Exchange Server Flaw
  • Emergency Mitigations and Future Patches
  • What You Should Do

Cybersecurity analysts have confirmed that the vulnerability targets the Microsoft Exchange Outlook Web Access (OWA) service. Attackers are leveraging this network-based weakness to compromise systems before a comprehensive, permanent patch can be deployed. Due to the ongoing active exploitation, system administrators are strongly advised to implement temporary defensive measures without delay.

It is important to note that this security risk is isolated to on-premises deployments. Organizations that rely on cloud-based Microsoft Exchange Online are not affected by this particular threat vector.

Technical Details of the Exchange Server Flaw

The core of this cyberattack lies in improper input neutralization during the generation of web pages, a vulnerability commonly categorized as a cross-site scripting (XSS) weakness. An attacker can exploit this issue by sending a specially crafted email directly to a target user.

If the recipient opens this malicious message within Outlook Web Access and fulfills certain interaction conditions, the embedded payload allows for the seamless execution of arbitrary JavaScript within the user’s browser. Security researchers indicate that this execution path effectively enables network-level spoofing without requiring any prior administrative privileges.

The vulnerability affects several major iterations of the platform, specifically impacting Exchange Server 2016, Exchange Server 2019, and the Exchange Server Subscription Edition across all cumulative update levels. The combination of low attack complexity and a network-based execution model makes this a highly potent tool for threat actors aiming to hijack user sessions or manipulate local browser data.

Emergency Mitigations and Future Patches

While a permanent security update is currently undergoing development and rigorous testing, Microsoft has proactively deployed a temporary safeguard through its automated Exchange Emergency Mitigation Service. For organizations that have this service enabled by default, the specific mitigation identified as M2.1.x is automatically applied to protect vulnerable environments.

Administrators operating in disconnected or air-gapped networks, however, must manually download and execute the latest Exchange on-premises Mitigation Tool script via an elevated management shell to achieve the necessary protection.

Implementing this emergency mitigation introduces minor operational side effects that IT teams should be aware of. Microsoft documentation indicates that the Outlook Web Access Print Calendar functionality may cease to work properly, requiring users to rely on the desktop client or take manual screenshots. Furthermore, inline images might not display correctly within the reading pane, necessitating workarounds such as sending images as direct attachments.

Despite these cosmetic and functional disruptions, the security community strongly advises organizations to maintain the mitigation in an active state. Microsoft software engineers are actively finalizing a permanent official fix that meets their stringent quality assurance standards. Once released, the security update will be made publicly available for the Exchange Server Subscription Edition.

However, permanent updates for older versions, such as Exchange 2016 and 2019, will only be provided to customers who are actively enrolled in the Period 2 Exchange Server Extended Security Update program. Organizations still relying on older cumulative updates are strongly encouraged to upgrade their infrastructure immediately to ensure compatibility with the final patch when it is deployed.

What You Should Do

  • Apply Emergency Mitigation: Ensure the Exchange Emergency Mitigation Service is enabled and functioning. For air-gapped networks, manually download and run the Exchange on-premises Mitigation Tool script.
  • Monitor for Official Patches: Stay vigilant for the release of the permanent security update from Microsoft.
  • Upgrade Older Versions: If using Exchange Server 2016 or 2019, consider enrolling in the Extended Security Update program or upgrading to a newer, supported version to receive future permanent patches.
  • Educate Users: Remind users about the risks of opening suspicious emails, particularly in Outlook Web Access, even with mitigations in place.
  • Review Logs: Actively monitor Exchange Server logs for any indicators of compromise or unusual activity.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVECybersecurityExploitPatchSecurityThreatVulnerability

Share Article

Sarah simpson

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.

Previous Post

Critical Next.js Vulnerability Exposes Cloud Credentials and API Keys

Next Post

Google Chrome Updates Patch 79 Vulnerabilities, Including 14 Critical Flaws

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Vulnerability in Windows Drivers Lets Attackers Disable Security Software
July 1, 2026
Automotive Manufacturer Boosts SOC Triage Speed, Closes Supplier Security Gap
July 1, 2026
Microsoft Teams Blocks Uninvited Bots From Meetings
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us