EPISODE · May 22, 2026 · 10 MIN
Microsoft Exchange Zero-Day: No Patch, Active Exploitation, Major Risk
from IT SPARC Cast
A newly disclosed Microsoft Exchange vulnerability is actively being exploited in the wild, and there’s still no permanent patch available. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down CVE-2026-42897, explain how attackers can exploit Outlook Web Access through malicious emails, and discuss why temporary mitigations may not be enough for organizations still running on-prem Exchange.⸻📄 Show Notes🚨 CVE of the Week: Microsoft Exchange / Outlook Web Access ExploitThis week’s episode focuses on CVE-2026-42897, a high-severity vulnerability affecting:Microsoft Exchange Server 2016Microsoft Exchange Server 2019Exchange Subscription EditionThe vulnerability is a cross-site scripting (XSS) and spoofing flaw impacting Outlook Web Access (OWA).⸻⚠️ How the Attack WorksAttackers send specially crafted emails that execute malicious JavaScript when opened through Outlook Web Access.Potential impacts include:Session hijackingBrowser-based code executionExchange session theftSpoofing attacksThe vulnerability is already being actively exploited in the wild.⸻🌐 Who Is Affected?This impacts on-prem Exchange deployments only.Cloud-hosted Exchange Online environments are not currently believed to be affected.Organizations most at risk include:Enterprises with legacy Exchange infrastructureOrganizations avoiding cloud email hostingRemote-access-heavy environments relying on OWA⸻🛠️ Mitigation Steps for CVE-2026-42897✅ 1️⃣ Apply Microsoft Emergency MitigationsMicrosoft has released temporary protections through:Exchange Emergency Mitigation Service (EEMS)URL rewrite mitigation rulesApply these immediately.⚠️ Important:These mitigations are pattern-based and may not block future modified exploits.⸻✅ 2️⃣ Consider Disabling Outlook Web Access (OWA)If operationally possible:Disable OWA temporarilyRequire users to use the Outlook desktop client insteadThis significantly reduces exposure.⸻✅ 3️⃣ Prepare for Operational Side EffectsKnown mitigation side effects include:Calendar printing failuresInline image rendering problemsIncreased help desk ticketsOrganizations should proactively communicate these issues to users.⸻✅ 4️⃣ Patch Immediately When AvailableAt recording time:No permanent patch exists yetApply the official patch immediately once releasedThis is not a vulnerability where delayed patching is safe.⸻🔒 Security TakeawaysThis vulnerability reinforces several growing cybersecurity realities:On-prem infrastructure carries operational security burdensBrowser-based attacks remain highly effectiveTemporary mitigations are not substitutes for permanent fixesJohn and Lou also discuss how attackers increasingly chain vulnerabilities together and how AI-assisted exploit development is accelerating the speed of attacks.⸻💬 Listener FeedbackThanks to listener “ZZZZ” on YouTube for pushing back on last week’s discussion around passwords stored in clear text memory.The discussion highlights an important point:Many vulnerabilities are low risk for average usersBut become extremely dangerous for high-value targets such as executives and organizations with sensitive data⸻📣 Wrap UpAre organizations moving away from on-prem Exchange fast enough, or are these vulnerabilities making the case for cloud migration even stronger?📧 [email protected]🐦 @itsparccast on X⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn Hosted on Acast. See acast.com/privacy for more information.
What this episode covers
A newly disclosed Microsoft Exchange vulnerability is actively being exploited in the wild, and there’s still no permanent patch available. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down CVE-2026-42897, explain how attackers can exploit Outlook Web Access through malicious emails, and discuss why temporary mitigations may not be enough for organizations still running on-prem Exchange.⸻📄 Show Notes🚨 CVE of the Week: Microsoft Exchange / Outlook Web Access ExploitThis week’s episode focuses on CVE-2026-42897, a high-severity vulnerability affecting:Microsoft Exchange Server 2016Microsoft Exchange Server 2019Exchange Subscription EditionThe vulnerability is a cross-site scripting (XSS) and spoofing flaw impacting Outlook Web Access (OWA).⸻⚠️ How the Attack WorksAttackers send specially crafted emails that execute malicious JavaScript when opened through Outlook Web Access.Potential impacts include:Session hijackingBrowser-based code executionExchange session theftSpoofing attacksThe vulnerability is already being actively exploited in the wild.⸻🌐 Who Is Affected?This impacts on-prem Exchange deployments only.Cloud-hosted Exchange Online environments are not currently believed to be affected.Organizations most at risk include:Enterprises with legacy Exchange infrastructureOrganizations avoiding cloud email hostingRemote-access-heavy environments relying on OWA⸻🛠️ Mitigation Steps for CVE-2026-42897✅ 1️⃣ Apply Microsoft Emergency MitigationsMicrosoft has released temporary protections through:Exchange Emergency Mitigation Service (EEMS)URL rewrite mitigation rulesApply these immediately.⚠️ Important:These mitigations are pattern-based and may not block future modified exploits.⸻✅ 2️⃣ Consider Disabling Outlook Web Access (OWA)If operationally possible:Disable OWA temporarilyRequire users to use the Outlook desktop client insteadThis significantly reduces exposure.⸻✅ 3️⃣ Prepare for Operational Side EffectsKnown mitigation side effects include:Calendar printing failuresInline image rendering problemsIncreased help desk ticketsOrganizations should proactively communicate these issues to users.⸻✅ 4️⃣ Patch Immediately When AvailableAt recording time:No permanent patch exists yetApply the official patch immediately once releasedThis is not a vulnerability where delayed patching is safe.⸻🔒 Security TakeawaysThis vulnerability reinforces several growing cybersecurity realities:On-prem infrastructure carries operational security burdensBrowser-based attacks remain highly effectiveTemporary mitigations are not substitutes for permanent fixesJohn and Lou also discuss how attackers increasingly chain vulnerabilities together and how AI-assisted exploit development is accelerating the speed of attacks.⸻💬 Listener FeedbackThanks to listener “ZZZZ” on YouTube for pushing back on last week’s discussion around passwords stored in clear text memory.The discussion highlights an important point:Many vulnerabilities are low risk for average usersBut become extremely dangerous for high-value targets such as executives and organizations with sensitive data⸻📣 Wrap UpAre organizations moving away from on-prem Exchange fast enough, or are these vulnerabilities making the case for cloud migration even stronger?📧 [email protected]🐦 @itsparccast on X⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn Hosted on Acast. See acast.com/privacy for more information.
NOW PLAYING
Microsoft Exchange Zero-Day: No Patch, Active Exploitation, Major Risk
No transcript for this episode yet
Similar Episodes
Feb 4, 2026 ·18m
Sep 26, 2023 ·65m