Particle.news

CISA Adds Actively Exploited Microsoft Exchange Zero-Day to KEV Catalog

A hard May 29 deadline collides with the fact that only a temporary mitigation is available.

Overview

  • CISA, which added CVE-2026-42897 to its Known Exploited Vulnerabilities catalog Friday, set a May 29 deadline for federal agencies to fix it.
  • Microsoft and CISA confirmed active attacks that use a crafted email to trigger cross‑site scripting in Outlook Web Access and run JavaScript in the user’s browser.
  • The flaw affects on‑premises Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition, while Exchange Online is not impacted.
  • Microsoft urges administrators to enable the Exchange Emergency Mitigation Service and to verify it with the Exchange Health Checker, which should show mitigation ID M2.1.x, as a formal patch is still pending.
  • Security experts warn that on‑premises, internet‑facing Exchange servers can expose emails and credentials, raising risks of espionage or ransomware and pushing organizations to consider migration or tighter isolation.
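
A way to check the mitigation state described above from the Exchange Management Shell, as an added example that is not from Microsoft, CISA or the article. It assumes the standard `Get-OrganizationConfig` and `Get-ExchangeServer` mitigation properties and the `MSExchangeMitigation` service name, and treats `M2.1.*` as the wildcard form of the article's mitigation ID M2.1.x.

```powershell
# Added example: run in the Exchange Management Shell on an on-premises server.
# Assumption: 'M2.1.*' is a wildcard for the mitigation ID the article gives as M2.1.x.
$MitigationPattern = 'M2.1.*'

# Organization-wide switch; if this is False, no server applies mitigations automatically.
$orgEnabled = (Get-OrganizationConfig).MitigationsEnabled

$report = foreach ($server in Get-ExchangeServer) {
    # The Emergency Mitigation service must be present and running to fetch and apply mitigations.
    $svc = Get-Service -ComputerName $server.Name -Name 'MSExchangeMitigation' -ErrorAction SilentlyContinue

    # Mitigation IDs are reported per server as applied or as explicitly blocked by an admin.
    $applied = @($server.MitigationsApplied | Where-Object { $_ -like $MitigationPattern })
    $blocked = @($server.MitigationsBlocked | Where-Object { $_ -like $MitigationPattern })

    [pscustomobject]@{
        Server        = $server.Name
        OrgEnabled    = $orgEnabled
        ServerEnabled = $server.MitigationsEnabled
        ServiceStatus = if ($svc) { $svc.Status } else { 'NotFound' }
        Applied       = $applied -join ','
        Blocked       = $blocked -join ','
        # Covered only when both switches are on, the ID is applied, and it is not blocked.
        Covered       = [bool]($orgEnabled -and $server.MitigationsEnabled -and
                               $applied.Count -gt 0 -and $blocked.Count -eq 0)
    }
}

# Full picture first, then only the servers that still need attention.
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.Covered } | Select-Object Server, ServerEnabled, ServiceStatus, Blocked
```

A server that appears in the second table is not covered by the temporary mitigation; run the Exchange Health Checker on it to confirm.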