Microsoft warns of Exchange zero-day flaw exploited in attacks

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allows threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users.

Microsoft describes this security flaw (CVE-2026-42897) as a spoofing vulnerability affecting up-to-date Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE) software.

While patches aren't yet available to permanently fix the vulnerability, the company added that the Exchange Emergency Mitigation Service (EEMS) will provide automatic mitigation for Exchange Server 2016, 2019, and SE on-premises servers.

"An attacker could exploit this issue by sending a specially crafted email to a user. If certain conditions are met when the user opens the email in Outlook Web Access, arbitrary JavaScript can execute in the browser context," the Exchange Team said.

Using EM Service is the quickest and most effective way for your organization to mitigate this vulnerability immediately. We suggest enabling EM Service immediately if it is currently turned off. Please note that the EM Service will be unable to check for new mitigations if your server is running an Exchange Server version older than March 2024.

EEMS was released on September 26 to deliver automated protection for on-premises Exchange servers. It safeguards them from active attacks by automatically applying interim mitigations for high-risk vulnerabilities that are likely being exploited in the wild. EEMS operates as a Windows service on Exchange Mailbox servers and is enabled by default on any server that has the Mailbox role installed.

The security update was introduced after numerous hacking groups took advantage of unpatched ProxyLogon and ProxyShell zero-days—along with the absence of mitigation guidance—to compromise Exchange servers exposed to the internet.
Administrators managing servers in air-gapped networks can address the vulnerability by downloading the newest version of the Exchange on-premises Mitigation Tool (EOMT) and running the script from an elevated Exchange Management Shell (EMS) using one of the following commands.

This consists of only one server:

ps1 -CVE "CVE-2026-42897"
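For servers that rely on EEMS rather than EOMT, the following added example (not from the article or from Microsoft) checks whether the service is in a position to apply mitigations on each Mailbox server. The `MitigationsEnabled`, `MitigationsApplied` and `MitigationsBlocked` properties and the `MSExchangeMitigation` service name are taken from Microsoft's EEMS documentation, not from this page; `EemsActive` is a column name made up for the report.

```powershell
# Added example. Run in an elevated Exchange Management Shell (Windows PowerShell).
# Assumed names (from Microsoft's EEMS documentation, not from this article):
#   MitigationsEnabled / MitigationsApplied / MitigationsBlocked, service MSExchangeMitigation.

# Organization-wide switch: if this is off, no server receives mitigations.
$orgEnabled = (Get-OrganizationConfig).MitigationsEnabled
if (-not $orgEnabled) {
    Write-Warning 'EEMS is turned off organization-wide.'
    # To turn it back on: Set-OrganizationConfig -MitigationsEnabled $true
}

$report = Get-ExchangeServer |
    Where-Object { $_.ServerRole -like '*Mailbox*' } |
    ForEach-Object {
        # EEMS runs as a Windows service on every server with the Mailbox role.
        $svc = Get-Service -ComputerName $_.Name -Name 'MSExchangeMitigation' `
                           -ErrorAction SilentlyContinue
        $svcStatus = if ($svc) { $svc.Status.ToString() } else { 'NotFound' }

        [pscustomobject]@{
            Server        = $_.Name
            Version       = $_.AdminDisplayVersion
            ServerEnabled = $_.MitigationsEnabled
            Service       = $svcStatus
            Applied       = @($_.MitigationsApplied) -join ', '
            Blocked       = @($_.MitigationsBlocked) -join ', '
            # True only when the org switch, the server switch and the service all line up.
            EemsActive    = $orgEnabled -and $_.MitigationsEnabled -and ($svcStatus -eq 'Running')
        }
    }

$report | Format-Table -AutoSize

# Servers listed here will not pick up the interim mitigation automatically.
$gaps = $report | Where-Object { -not $_.EemsActive }
if ($gaps) {
    Write-Warning ('EEMS cannot apply mitigations on: ' + ($gaps.Server -join ', '))
}
```

An empty `Applied` column on a server where `EemsActive` is true means no mitigation has been delivered yet, which is also what a build too old to check for new mitigations would show.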

  BleepingComputer
