Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Microsoft Exchange CVE-2026-42897 mitigation advisory

Advisory/Mitigation
First reported
Last updated
Happening score
H score 57
2 unique sources, 2 articles

Summary

Hide ▲

Microsoft issued immediate mitigation guidance for CVE-2026-42897, reducing risk for Exchange Server 2016, 2019, and Subscription Edition (SE) on-premises servers that are being targeted in attacks. EEMS can automatically apply interim protections, and administrators in air-gapped environments can use EOMT instead. The advisory matters because permanent patches are not yet available, so defenders need a stopgap now while waiting for updates. Microsoft also warned that servers older than March 2023 may not receive new mitigations through EM Service.

Related Happenings

Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)

Vulnerability
First: 15.05.2026 09:19 Last: 15.05.2026 09:19 Sources 1

How related: "An attacker could exploit this issue by sending a specially crafted email to a user. If the user opens the email in Outlook Web Access and certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context," the Exchange Team said.

About this happening: **CVE-2026-42897** is an **actively exploited** **spoofing/XSS** flaw in **on-premises Microsoft Exchange Server** that can let attackers trigger **arbitrary JavaScript** in a bro...

Open Happening

Microsoft May 2026 Patch Tuesday release

Security Patch Release
First: 13.05.2026 13:36 Last: 13.05.2026 13:36 Sources 1

About this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...

Open Happening

Ivanti EPMM patch release for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821

Security Patch Release
First: 07.05.2026 18:20 Last: 07.05.2026 18:20 Sources 1

About this happening: Ivanti released a security update for on-prem Endpoint Manager Mobile (EPMM) covering CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The patch addresses high-seve...

Latest development: 07.05.2026 20:55

Ivanti released fixes for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821 in Endpoint Manager Mobile (EPMM). The updates apply only to on-prem EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1, and Ivanti said the issues are not present in Ivanti Neurons for MDM, Ivanti EPM, Ivanti Sentry, or other Ivanti products.

Open Happening

Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026

Security Tool/Service
First: 28.04.2026 16:18 Last: 28.04.2026 16:18 Sources 1

About this happening: **Microsoft** will block **TLS 1.0** and **TLS 1.1** for **POP3/IMAP4** access to **Exchange Online** in **July 2026**, which could break legacy mail clients and embedded devices...

Open Happening

Microsoft Outlook.com outage causing sign-in failures

Service Disruption
First: 27.04.2026 15:03 Last: 27.04.2026 15:03 Sources 1

About this happening: Microsoft's **Outlook.com** is experiencing an **ongoing outage** that is blocking sign-ins and mailbox access, leaving some customers unable to use email normally. The disruption...

Open Happening

Timeline

  1. 15.05.2026 15:35 2 articles · 12d ago

    Microsoft issues temporary mitigations for CVE-2026-42897

    Mitigation Patch Update

    Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.

    Show sources
    Open in new tab
  2. 15.05.2026 12:40 2 articles · 12d ago

    Microsoft shares mitigations for CVE-2026-42897

    Initial Disclosure

    Microsoft shared mitigations for CVE-2026-42897, a high-severity Exchange Server spoofing vulnerability exploited in attacks that can execute arbitrary JavaScript via cross-site scripting against Outlook on the web users on on-premises Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE). The company said Exchange Emergency Mitigation Service (EEMS) can automatically mitigate supported servers, administrators in air-gapped environments can use the Exchange on-premises Mitigation Tool (EOMT), and permanent patches for Exchange SE RTM, Exchange 2016 CU23, and Exchange Server 2019 CU14 and CU15 are planned but not yet available.

    Show sources
    Open in new tab
  3. 15.05.2026 12:40 2 articles · 12d ago

    Microsoft shares mitigations for CVE-2026-42897

    Initial Disclosure

    Microsoft shared mitigations for CVE-2026-42897, a high-severity Exchange Server spoofing vulnerability exploited in attacks that can execute arbitrary JavaScript via cross-site scripting against Outlook on the web users on on-premises Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE). The company said Exchange Emergency Mitigation Service (EEMS) can automatically mitigate supported servers, administrators in air-gapped environments can use the Exchange on-premises Mitigation Tool (EOMT), and permanent patches for Exchange SE RTM, Exchange 2016 CU23, and Exchange Server 2019 CU14 and CU15 are planned but not yet available.

    Show sources
    Open in new tab