Bottom Line: A known Exchange vulnerability is being actively exploited to distribute malware via email.
Microsoft has disclosed a security vulnerability in Exchange that attackers are using to distribute malware to Outlook users through manipulated emails. Initial attack campaigns have already been documented.
A security vulnerability in Microsoft Exchange allows attackers to distribute malware to systems of Outlook users via email messages. The attack flow exploits the vulnerability in email processing to deposit malware or further exploit payloads.
For CISOs, this is relevant because Exchange and Outlook are central to communication in most enterprise environments. A successful compromise via this vector endangers the entire email infrastructure and enables attackers to gain access to sensitive data or additional systems through lateral movement.
Microsoft recommends immediately checking Exchange installations and applying available patches. In parallel, email gateways and endpoint protection should be configured accordingly to block and isolate suspicious emails. A risk analysis of existing logs should be conducted to determine whether the vulnerability has already been exploited in your own environment.
Source: www.golem.de · Published June 11, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.