Do you use Microsoft Exchange? Hackers are actively exploiting a new zero-day flaw
A new zero-day vulnerability in Microsoft Exchange Server is being actively exploited by hackers. Microsoft has identified this flaw, tracked as CVE-2026-42897, which allows attackers to execute arbitrary code through specially crafted emails. Organizations are advised to enable the Exchange Emergency Mitigation Service to protect against this threat until security patches are available.
- ▪The vulnerability affects fully updated versions of Exchange Server 2016, 2019, and Subscription Edition.
- ▪Attackers can exploit this issue by sending a malicious email that executes JavaScript in the user's browser when opened.
- ▪Microsoft recommends enabling the Exchange Emergency Mitigation Service for immediate protection.
Opening excerpt (first ~120 words) tap to expand
Internet Online Security Do you use Microsoft Exchange? Hackers are actively exploiting a new zero-day flaw News By Alyse Stanley published 17 May 2026 All it takes is one malicious email When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. (Image credit: Shutterstock) Copy link Facebook X Reddit Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts sounding the alarm. On Thursday, Microsoft announced mitigations for a high-security Exchange Server vulnerability that's being actively exploited by hackers.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Tom's Guide.