Microsoft Exchange Flaw Under Active Attack

A new spoofing vulnerability in Microsoft Exchange is being actively exploited, prompting urgent calls for organizations to apply patches and secure systems.

A spoofing vulnerability in Microsoft Exchange's Outlook Web Access (OWA), identified as CVE-2026-42897, is being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed the active attacks and is strongly urging all organizations to apply patches immediately. The agency highlighted that the attack vector poses a significant risk, making timely remediation a top priority. Microsoft has officially addressed the vulnerability as part of its recent Patch Tuesday updates, which included fixes for a total of 137 security flaws across its product suite.

This vulnerability specifically affects organizations that run on-premise Microsoft Exchange servers and utilize OWA. A successful exploit could allow an attacker to spoof communications, potentially leading to more sophisticated attacks like phishing or credential theft. To combat this threat, Microsoft's primary recommendation is for customers to enable Extended Protection for Exchange Server (EEMS), a feature that enhances security against man-in-the-middle attacks. Following the official guidance and applying the latest updates are critical steps for any IT or security team managing an Exchange environment to prevent potential compromise and protect sensitive corporate data.

Active exploitation of a vulnerability in a widely used enterprise product like Microsoft Exchange poses a significant risk of data breaches, phishing, and further network intrusion for organizations that fail to patch promptly.

Unpatched systems are at high risk of compromise, which could lead to business email compromise, data theft, and operational disruption. The cost of remediation after a breach far exceeds the cost of proactive patching.