Attackers are exploiting a Microsoft Exchange Server spoofing bug via malicious emails right now.
- Microsoft confirms active exploitation of Exchange Server bug CVE-2026-42897
- Bug lets attackers spoof emails and bypass security checks
- CVSS score of 8.1 means it's a serious threat
Microsoft just warned about CVE-2026-42897, a spoofing vulnerability in on-premise Exchange Server versions that attackers are already exploiting. The bug stems from a cross-site scripting flaw and carries a CVSS score of 8.1, putting it in the “high severity” category. That’s serious enough for any organization running their own Exchange Server to take notice immediately.
Cloud versions of Exchange aren’t affected, which makes this an on-premise problem for now. The flaw lets attackers send specially crafted emails that trick the server into accepting them as legitimate, even when they contain malicious content. It’s the kind of bug that could let hackers gain a foothold in a network before moving laterally to other systems.
The anonymous researcher who found the bug reported it to Microsoft earlier this year, giving the company time to prepare patches and advisories. Microsoft hasn’t disclosed how widespread the attacks are yet, but the fact that it’s already being exploited means organizations shouldn’t wait to apply fixes. The company released patches in this month’s Patch Tuesday updates, so if you’re running an on-premise Exchange Server, update now or risk falling victim.
The vulnerability affects Exchange Server 2013 through 2019, so anyone running those versions needs to act quickly. Exchange Online, Microsoft’s cloud service, isn’t impacted, which is a small comfort but doesn’t help the thousands of organizations still relying on older on-premise setups. Security teams should also check their email security gateways and spam filters for any signs of suspicious activity targeting this flaw.
The bug works by exploiting how Exchange handles certain email headers, tricking the server into treating a malicious email as safe. It’s a classic spoofing attack, but one that could have serious consequences if left unpatched. Microsoft hasn’t shared details about the attackers, but spoofing bugs like this are often used in phishing campaigns or to deliver malware.
The timing of the disclosure is no accident: it’s a reminder that even long-standing software like Exchange isn’t immune to new vulnerabilities. Organizations that delay patching risk falling behind, especially with threat actors already probing for weaknesses. If you’re not sure whether your systems are vulnerable, run Microsoft’s Exchange Server Health Checker tool to scan for unpatched systems. The tool will flag any versions that need immediate attention. It’s a simple step that could save your network from a breach.
Beyond patching, admins should also review their email security policies. Adding extra layers like DMARC, DKIM, and SPF can help block spoofed emails before they reach users. These protocols won’t fix the bug, but they make it harder for attackers to exploit similar flaws in the future.
The bigger picture here is that on-premise Exchange servers are still a prime target for hackers. Even though Microsoft pushes cloud services hard, many companies keep their email infrastructure in-house for control or compliance reasons. That choice now comes with real risks, especially when patches aren’t applied quickly. The good news is that Microsoft responded fast with fixes and guidance. The bad news is that patching Exchange is always a headache: it often requires downtime, testing, and coordination across teams. But skipping it isn’t an option.
The next few weeks will show just how aggressively attackers are targeting this flaw. If history is any guide, we’ll see more exploit attempts as cybercriminals race to weaponize the bug before organizations catch up. Stay alert, update your systems, and don’t assume your email server is safe just because it’s been running for years without issues.
What You Need to Know
- Source: The Hacker News
- Published: May 15, 2026 at 06:19 UTC
- Category: Security
- Topics: #hackernews · #security · #vulnerabilities · #vulnerability · #prem-microsoft-exchange · #server
All reporting rights belong to the respective author(s) at The Hacker News. GlobalBR News summarizes publicly available content to help readers discover the most relevant global news.
Curated by GlobalBR News · May 15, 2026
🇧🇷 Portuguese Summary
Brazilian hackers are already targeting corporate servers with a new scam: Microsoft warns of critical vulnerability in Exchange
A new vulnerability in Microsoft Exchange Server, classified as spoofing and scored 8.1 on the CVSS scale, which is considered high, is being exploited by cybercriminals in attacks targeting companies that still keep their servers on-premises. Microsoft confirmed that intruders are using manipulated emails to bypass authentication systems, enabling unauthorized access to sensitive data and even the execution of malicious code. Digital security experts warn that in Brazil, where many organizations still depend on legacy infrastructure, the risk of major leaks is imminent, especially in sectors such as finance, healthcare and industry, which tend to be frequent targets of criminal groups.
The exploitation of CVE-2026-42897 represents an additional challenge for Brazilian companies, already accustomed to dealing with waves of cyberattacks such as ransomware and phishing. Unlike cloud vulnerabilities, which often receive automatic updates, on-premises servers depend on manual maintenance and frequent updates to mitigate risks, a process that in Brazil still faces resistance due to costs and a lack of prioritization by some management teams. In addition, the proximity to tax filing season, when companies handle large volumes of tax data, may make the scenario even more attractive to attackers.
While Microsoft has already made security patches available to fix the flaw, new variants of the attack are expected to emerge in the coming weeks, requiring Brazilian organizations to speed up applying the updates and invest in awareness training to keep employees from falling into traps.