SITREP: Microsoft has reported a new security vulnerability, CVE-2026-42897, affecting on-premises versions of Exchange Server, and it is being actively exploited. The vulnerability is characterized as a spoofing bug linked to a cross-site scripting flaw and has a CVSS score of 8.1.

TACTICAL ASSESSMENT: Active exploitation of this vulnerability poses significant risks to organizations running on-premises Exchange Servers, potentially leading to unauthorized access and data breaches. The incident highlights the ongoing challenges in cybersecurity, particularly regarding legacy systems.

PROJECTED VECTORS: Attacks may increase as threat actors leverage this vulnerability to target organizations still using affected Exchange Server versions.