VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

CVE-2026-42897 Exploited in On‑Prem Exchange via Crafted Email

Эксплуатация CVE-2026-42897 в on‑prem Exchange через поддельное письмо

Colleagues, please note: Microsoft confirms active exploitation of CVE-2026-42897 in on‑prem Exchange.

Microsoft describes the flaw as XSS/spoofing: a crafted email that, when opened in OWA and subject to specific interaction, executes arbitrary JavaScript. Reported by an anonymous researcher.

Affected: Exchange 2016, 2019 and Subscription Edition (on‑prem). Exchange Online is not affected.

Mitigation: EEMS (enabled by default) or EOMT — run the provided script via Exchange Management Shell for on‑prem systems.

Why this matters: on‑prem deployments are at risk — apply the recommended measures urgently.

What are your plans to verify and remediate?

#cybersecurity #MicrosoftExchange #CVE-2026-42897

Latest comments

No comments yet.