Updated on May 18: Details have emerged about emergency mitigation strategies following the confirmation of CVE-2026-42897, a newly identified zero-day affecting Microsoft Exchange Server. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has indicated that this vulnerability is currently being targeted by cybercriminals. Additionally, Microsoft is addressing another zero-day vulnerability affecting Windows 11.
Microsoft Exchange is currently under scrutiny due to a newly discovered security flaw. A zero-day vulnerability, confirmed by Microsoft on May 14, raises alarms about its potential impact. CISA added this specific flaw, CVE-2026-42897, to its Known Exploited Vulnerabilities Catalog on May 15, prompting a swift response for remediation from organizations worldwide.
Understanding the CVE-2026-42897 Vulnerability
CVE-2026-42897 is categorized as a spoofing vulnerability within Microsoft Exchange Server. This flaw allows malicious actors to exploit the system through crafted emails opened in Outlook Web Access, leading to unauthorized JavaScript execution.
This zero-day is a clear indicator that on-premises Exchange remains a high-value target for cybercriminals. It permits unauthenticated command execution, which could severely compromise corporate communications and identity.
While Exchange Online is not affected by this vulnerability, the flaw impacts several on-premises versions, including:
- Exchange Server 2016 (various update levels)
- Exchange Server 2019 (various update levels)
- Exchange Server Subscription Edition (all versions)
Microsoft Urges Use of Emergency Mitigation Services
Microsoft has advised organizations to activate the Exchange Emergency Mitigation Service to safeguard against the new vulnerability. “Engaging the EM Service is crucial for immediate defense against this flaw,” the company stated, recommending that organizations enable it without delay.
To verify the status of this emergency service, businesses should use the Exchange Health Checker script provided by Microsoft. This tool generates a report showing whether the necessary mitigations have been applied to the server. Relevant mitigation IDs should be monitored closely, as misconfigurations could lead to significant security breaches.
Exchange carries unique risk from remote code execution threats, given its vital connections to corporate identity systems. Ensuring that the Emergency Mitigation Service is functioning properly is essential for maintaining security.
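One way to check the Emergency Mitigation Service state on every Mailbox server from the Exchange Management Shell, as an added example that is neither Microsoft's Health Checker script nor code from the original article. The mitigation ID is a placeholder because the article does not give one; take the real value from Microsoft's advisory.

```powershell
# Added example: run in the Exchange Management Shell (Windows PowerShell 5.1).
# PLACEHOLDER: the article does not list the mitigation ID for CVE-2026-42897.
$ExpectedMitigationId = '<MITIGATION-ID-FROM-MICROSOFT-ADVISORY>'

# Organization-wide switch. If this is False, no server applies mitigations,
# regardless of the per-server setting.
$orgEnabled = (Get-OrganizationConfig).MitigationsEnabled

# The EM service is installed with the Mailbox role, so skip Edge Transport servers.
$servers = Get-ExchangeServer | Where-Object { $_.ServerRole -notlike '*Edge*' }

$report = foreach ($server in $servers) {
    # MSExchangeMitigation is the Windows service behind the EM service.
    $svc = Get-Service -Name MSExchangeMitigation -ComputerName $server.Name `
                       -ErrorAction SilentlyContinue

    $applied = @($server.MitigationsApplied)   # IDs currently applied
    $blocked = @($server.MitigationsBlocked)   # IDs an admin has blocked

    [pscustomobject]@{
        Server          = $server.Name
        OrgEnabled      = $orgEnabled
        ServerEnabled   = $server.MitigationsEnabled
        ServiceStatus   = if ($svc) { $svc.Status } else { 'NotFound' }
        ExpectedApplied = $applied -contains $ExpectedMitigationId
        ExpectedBlocked = $blocked -contains $ExpectedMitigationId
        AppliedIds      = $applied -join ', '
    }
}

# Full picture for every server.
$report | Format-Table -AutoSize

# Servers that need attention: EM disabled at either level, service not
# running, or the expected mitigation missing or explicitly blocked.
$report | Where-Object {
    -not $_.OrgEnabled -or
    -not $_.ServerEnabled -or
    $_.ServiceStatus -ne 'Running' -or
    -not $_.ExpectedApplied -or
    $_.ExpectedBlocked
} | Format-Table Server, OrgEnabled, ServerEnabled, ServiceStatus, ExpectedApplied, ExpectedBlocked
```

An empty second table means every Mailbox server reports the service running and the expected mitigation applied; it does not replace the Health Checker report.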
Hacker Discloses New Zero-Day for Windows
A hacker has publicly revealed a new zero-day exploit affecting Windows 11. Named MiniPlasma, this vulnerability allows unauthorized system access even on fully updated machines.
The exploit targets a vulnerability originally reported in September 2020 and believed to have been patched by Microsoft. However, it remains exploitable and has been demonstrated on Windows 11 systems, raising concerns about its potential reach across various Windows versions.
No immediate solutions have been provided while Microsoft formulates a patch.

