Microsoft has confirmed that attackers are actively exploiting a dangerous zero-day vulnerability in Microsoft Exchange, prompting urgent warnings from cybersecurity experts and government agencies.
The flaw, identified as CVE-2026-42897, affects on-premises Microsoft Exchange servers and could allow attackers to compromise corporate systems through malicious emails and spoofing attacks.
The Cybersecurity and Infrastructure Security Agency, commonly known as CISA, added the vulnerability to its Known Exploited Vulnerabilities catalog after confirming that attacks are already happening in the wild.
Microsoft Exchange Zero-Day Under Active Attack
Microsoft disclosed the vulnerability in May and warned organizations to immediately enable emergency mitigation protections.
According to the company, the flaw lies in how Exchange Server neutralizes input during web page generation, creating a cross-site scripting (XSS) vulnerability that attackers can exploit remotely.
A hacker can reportedly send a specially crafted email that triggers malicious JavaScript when opened through Outlook Web Access.
Cybersecurity experts say the attack could potentially give criminals access to sensitive corporate communications and identity systems.
The vulnerability affects multiple versions of on-premises Exchange Server, including Exchange Server 2016, Exchange Server 2019 and Exchange Server Subscription Edition.
Microsoft Exchange Online cloud services are not affected.
Microsoft Urges Emergency Mitigation
Because an official security patch is still pending, Microsoft has strongly recommended that organizations activate the Exchange Emergency Mitigation Service immediately.
The company says the service can automatically deploy temporary protections designed to reduce exposure to active attacks.
Microsoft also advised administrators to run the Exchange Health Checker script to confirm that emergency mitigations have been successfully applied.
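The check described above can be scripted across every Mailbox server. The following is an added example, not code from Microsoft or from the original report; it assumes it is run in the Exchange Management Shell, and the finding labels are illustrative.

```powershell
# Added example: audit Exchange Emergency Mitigation Service (EEMS) state.
# Assumption: run in the Exchange Management Shell (Windows PowerShell 5.1).

$org = Get-OrganizationConfig
if (-not $org.MitigationsEnabled) {
    Write-Warning 'EEMS is disabled organization-wide; no server will apply mitigations.'
    # Re-enable with: Set-OrganizationConfig -MitigationsEnabled $true
}

$report = foreach ($srv in Get-ExchangeServer | Where-Object { $_.ServerRole -match 'Mailbox' }) {
    # Query the service remotely; a failed query is reported, never treated as healthy.
    try {
        $svc = (Get-Service -ComputerName $srv.Name -Name MSExchangeMitigation -ErrorAction Stop).Status
    } catch {
        $svc = 'Unknown'
    }

    # Drop null entries so an empty property counts as zero items.
    $applied = @($srv.MitigationsApplied | Where-Object { $_ })
    $blocked = @($srv.MitigationsBlocked | Where-Object { $_ })

    if (-not $org.MitigationsEnabled -or -not $srv.MitigationsEnabled) {
        $finding = 'EEMS disabled'   # Fix per server: Set-ExchangeServer -MitigationsEnabled $true
    } elseif ($svc -ne 'Running') {
        $finding = "Service state: $svc"
    } elseif ($applied.Count -eq 0) {
        $finding = 'Review: no mitigations applied'
    } elseif ($blocked.Count -gt 0) {
        $finding = 'Review: mitigations blocked by an administrator'
    } else {
        $finding = 'OK'
    }

    [pscustomobject]@{
        Server  = $srv.Name
        Enabled = $srv.MitigationsEnabled
        Service = $svc
        Applied = $applied -join ', '
        Blocked = $blocked -join ', '
        Finding = $finding
    }
}

# The mitigation ID for this CVE is not given in the report; compare the
# Applied column against the ID listed in Microsoft's advisory.
$report | Format-Table -AutoSize
```

A server marked OK has the service running and at least one mitigation applied; the Health Checker script remains the confirmation step Microsoft recommends.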
Security experts warn that organizations cannot afford delays because attackers often move quickly once vulnerability details become public.
Damon Small, a cybersecurity executive quoted in the report, described on-premises Exchange systems as one of the most heavily targeted areas inside enterprise infrastructure.
Experts Fear Wider Attacks
Cybersecurity researchers say Exchange servers remain attractive targets because they sit at the center of corporate communication and identity management systems.
Successful attacks could potentially provide hackers with broad access across enterprise networks.
Experts also warned that attackers closely study mitigation guidance released by vendors and rapidly develop working exploits before some organizations finish deploying protections.
The situation has renewed calls for companies to move away from older on-premises infrastructure toward cloud-based services with centralized security management.
New Windows Zero-Day Concerns Emerging
The Exchange vulnerability is not the only Microsoft security issue raising alarm.
The report also highlighted another zero-day exploit involving Windows 11. A hacker known as Chaotic Eclipse reportedly released details of a proof-of-concept exploit capable of gaining system-level privileges even on fully patched systems.
The exploit appears connected to a vulnerability originally reported years earlier by researchers from Google Project Zero.
Researchers now fear additional attackers could attempt to weaponize the flaw while waiting for Microsoft to release updated protections.
Cybersecurity Pressure Continues Growing
The growing number of zero-day exploits reflects the increasing pressure technology companies face as cyberattacks become more sophisticated.
Governments, businesses and infrastructure providers continue to struggle to defend against rapidly evolving threats targeting email systems, cloud platforms and operating systems.
Cybersecurity professionals increasingly warn that patch management and proactive monitoring are becoming essential parts of modern digital security.
Why This Matters
Zero-day vulnerabilities create serious risks because attackers can exploit them before official patches become widely available. Exchange servers remain especially critical targets because they handle sensitive communications and identity systems for organizations worldwide.
What Happens Next
Organizations using on-premises Exchange servers are expected to continue deploying emergency mitigations while waiting for Microsoft to release a permanent security update. Security researchers will also closely monitor whether attacks linked to the vulnerability continue spreading.








