High Threat Security Alert (A26-05-28): Vulnerability in Microsoft Exchange Server


 

Published on: 15 May 2026

Description:

Microsoft has released a security update to address a vulnerability in Microsoft Exchange Server. A remote attacker could entice a user to open a web page with specially crafted content on a vulnerable browser to exploit the vulnerability.

Reports indicated that a spoofing vulnerability (CVE-2026-42897) is being exploited in the wild. System administrators are advised to follow the recommendations provided by the vendors to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Microsoft Exchange Server 2016 Cumulative Update 23
  • Microsoft Exchange Server 2019 Cumulative Update 14
  • Microsoft Exchange Server 2019 Cumulative Update 15
  • Microsoft Exchange Server Subscription Edition RTM

For detailed information of the affected systems, please refer to the corresponding security advisories at vendor's website.

 

Impact:

Successful exploitation of the vulnerability could lead to spoofing on an affected system.

 

Recommendation:

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42897


Tag: Microsoft , Microsoft Exchange Server
Tags