Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft Exchange CVE-2026-42897 mitigation advisory

Advisory/Mitigation
First reported
Last updated
Happening score
H score 44
2 unique sources, 3 articles

Summary

Hide ▲

Microsoft issued immediate mitigation guidance for CVE-2026-42897, reducing risk for Exchange Server 2016, 2019, and Subscription Edition (SE) on-premises servers that are being targeted in attacks. EEMS can automatically apply interim protections, and administrators in air-gapped environments can use EOMT instead. The advisory matters because permanent patches are not yet available, so defenders need a stopgap now while waiting for updates. Microsoft also warned that servers older than March 2023 may not receive new mitigations through EM Service.

Related Happenings

Microsoft security patch release for CVE-2026-42897

Security Patch Release
H score44 First: 10.06.2026 16:44 Last: 10.06.2026 16:44 Sources 1

How related: Yesterday, Microsoft released security updates to address the security flaw in affected Exchange Server installations, advising admins to deploy them "as soon as possible" and leave the mitigations in place for additional protection.

About this happening: **Microsoft** released **June 2026 Security Updates** for **Exchange Server 2016**, **Exchange Server 2019**, and **Exchange Server Subscription Edition (SE)** to fix **CVE-2026-4...

Microsoft Exchange Online mail flow disruption

Service Disruption
H score25 First: 02.06.2026 20:02 Last: 02.06.2026 20:02 Sources 1

About this happening: Microsoft is addressing a **widespread Exchange Online service disruption** that is delaying and failing email delivery for customers across **North America** and **Germany**. The...

CCB urgent patch warning for CVE-2026-41089 on Windows servers

Public Sector Action
H score48 First: 01.06.2026 15:30 Last: 01.06.2026 15:30 Sources 1

About this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...

CERT-In issues 12-hour patch guidance for Indian organizations

Public Sector Action
H score38 First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: **CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
H score39 First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

Timeline

  1. 15.05.2026 15:35 3 articles · 1mo ago

    Microsoft issues temporary mitigations for CVE-2026-42897

    Mitigation Patch Update

    Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.

    Show sources
  2. 15.05.2026 12:40 2 articles · 1mo ago

    Microsoft shares mitigations for CVE-2026-42897

    Initial Disclosure

    Microsoft shared mitigations for CVE-2026-42897, a high-severity Exchange Server spoofing vulnerability exploited in attacks that can execute arbitrary JavaScript via cross-site scripting against Outlook on the web users on on-premises Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE). The company said Exchange Emergency Mitigation Service (EEMS) can automatically mitigate supported servers, administrators in air-gapped environments can use the Exchange on-premises Mitigation Tool (EOMT), and permanent patches for Exchange SE RTM, Exchange 2016 CU23, and Exchange Server 2019 CU14 and CU15 are planned but not yet available.

    Show sources
  3. 15.05.2026 12:40 2 articles · 1mo ago

    Microsoft shares mitigations for CVE-2026-42897

    Initial Disclosure

    Microsoft shared mitigations for CVE-2026-42897, a high-severity Exchange Server spoofing vulnerability exploited in attacks that can execute arbitrary JavaScript via cross-site scripting against Outlook on the web users on on-premises Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE). The company said Exchange Emergency Mitigation Service (EEMS) can automatically mitigate supported servers, administrators in air-gapped environments can use the Exchange on-premises Mitigation Tool (EOMT), and permanent patches for Exchange SE RTM, Exchange 2016 CU23, and Exchange Server 2019 CU14 and CU15 are planned but not yet available.

    Show sources