{"version":"1.0","type":"rich","provider_name":"Acast","provider_url":"https://acast.com","height":250,"width":700,"html":"<iframe src=\"https://embed.acast.com/$/66cf6d924960e4eb18d4aa8d/6a0f51543bbd73b46e641ac4?\" frameBorder=\"0\" width=\"700\" height=\"250\"></iframe>","title":"Microsoft Exchange Zero-Day: No Patch, Active Exploitation, Major Risk","thumbnail_width":200,"thumbnail_height":200,"thumbnail_url":"https://open-images.acast.com/shows/66cf6d924960e4eb18d4aa8d/1779388694277-f060586e-c22a-4c0f-8fa9-548134560fc5.jpeg?height=200","description":"<p>A newly disclosed Microsoft Exchange vulnerability is actively being exploited in the wild, and there’s still no permanent patch available. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down CVE-2026-42897, explain how attackers can exploit Outlook Web Access through malicious emails, and discuss why temporary mitigations may not be enough for organizations still running on-prem Exchange.</p><p><br></p><p>⸻</p><p><br></p><p>📄<strong> Show Notes</strong></p><p><br></p><p>🚨<strong> CVE of the Week: Microsoft Exchange / Outlook Web Access Exploit</strong></p><p><br></p><p>This week’s episode focuses on <strong>CVE-2026-42897</strong>, a high-severity vulnerability affecting:</p><p><br></p><ul><li>Microsoft Exchange Server 2016</li><li>Microsoft Exchange Server 2019</li><li>Exchange Subscription Edition</li></ul><p><br></p><p>The vulnerability is a cross-site scripting (XSS) and spoofing flaw impacting <strong>Outlook Web Access (OWA)</strong>.</p><p><br></p><p>⸻</p><p><br></p><p>⚠️<strong> How the Attack Works</strong></p><p><br></p><p>Attackers send specially crafted emails that execute malicious JavaScript when opened through Outlook Web Access.</p><p><br></p><p>Potential impacts include:</p><p><br></p><ul><li>Session hijacking</li><li>Browser-based code execution</li><li>Exchange session theft</li><li>Spoofing attacks</li></ul><p><br></p><p>The vulnerability is already being actively exploited in the wild.</p><p><br></p><p>⸻</p><p><br></p><p>🌐<strong> Who Is Affected?</strong></p><p><br></p><p>This impacts <strong>on-prem Exchange deployments only</strong>.</p><p><br></p><p>Cloud-hosted Exchange Online environments are not currently believed to be affected.</p><p><br></p><p>Organizations most at risk include:</p><p><br></p><ul><li>Enterprises with legacy Exchange infrastructure</li><li>Organizations avoiding cloud email hosting</li><li>Remote-access-heavy environments relying on OWA</li></ul><p><br></p><p>⸻</p><p><br></p><p>🛠️<strong> Mitigation Steps for CVE-2026-42897</strong></p><p><br></p><p>✅<strong> </strong>1️⃣<strong> Apply Microsoft Emergency Mitigations</strong></p><p><br></p><p>Microsoft has released temporary protections through:</p><p><br></p><ul><li>Exchange Emergency Mitigation Service (EEMS)</li><li>URL rewrite mitigation rules</li></ul><p><br></p><p>Apply these immediately.</p><p><br></p><p>⚠️ Important:</p><p>These mitigations are pattern-based and may not block future modified exploits.</p><p><br></p><p>⸻</p><p><br></p><p>✅<strong> </strong>2️⃣<strong> Consider Disabling Outlook Web Access (OWA)</strong></p><p><br></p><p>If operationally possible:</p><p><br></p><ul><li>Disable OWA temporarily</li><li>Require users to use the Outlook desktop client instead</li></ul><p><br></p><p>This significantly reduces exposure.</p><p><br></p><p>⸻</p><p><br></p><p>✅<strong> </strong>3️⃣<strong> Prepare for Operational Side Effects</strong></p><p><br></p><p>Known mitigation side effects include:</p><p><br></p><ul><li>Calendar printing failures</li><li>Inline image rendering problems</li><li>Increased help desk tickets</li></ul><p><br></p><p>Organizations should proactively communicate these issues to users.</p><p><br></p><p>⸻</p><p><br></p><p>✅<strong> </strong>4️⃣<strong> Patch Immediately When Available</strong></p><p><br></p><p>At recording time:</p><p><br></p><ul><li>No permanent patch exists yet</li><li>Apply the official patch immediately once released</li></ul><p><br></p><p>This is not a vulnerability where delayed patching is safe.</p><p><br></p><p>⸻</p><p><br></p><p>🔒<strong> Security Takeaways</strong></p><p><br></p><p>This vulnerability reinforces several growing cybersecurity realities:</p><p><br></p><ul><li>On-prem infrastructure carries operational security burdens</li><li>Browser-based attacks remain highly effective</li><li>Temporary mitigations are not substitutes for permanent fixes</li></ul><p><br></p><p>John and Lou also discuss how attackers increasingly chain vulnerabilities together and how AI-assisted exploit development is accelerating the speed of attacks.</p><p><br></p><p>⸻</p><p><br></p><p>💬<strong> Listener Feedback</strong></p><p><br></p><p>Thanks to listener “ZZZZ” on YouTube for pushing back on last week’s discussion around passwords stored in clear text memory.</p><p><br></p><p>The discussion highlights an important point:</p><p><br></p><ul><li>Many vulnerabilities are low risk for average users</li><li>But become extremely dangerous for high-value targets such as executives and organizations with sensitive data</li></ul><p><br></p><p>⸻</p><p><br></p><p>📣<strong> Wrap Up</strong></p><p><br></p><p>Are organizations moving away from on-prem Exchange fast enough, or are these vulnerabilities making the case for cloud migration even stronger?</p><p><br></p><p>📧 feedback@itsparccast.com</p><p>🐦 @itsparccast on X</p><p><br></p><p>⸻</p><p><br></p><p>🔗<strong> Social Links</strong></p><p><br></p><p>IT SPARC Cast</p><p>@ITSPARCCast on X</p><p>https://www.linkedin.com/company/sparc-sales/ on LinkedIn</p><p><br></p><p>John Barger</p><p>@john_Video on X</p><p>https://www.linkedin.com/in/johnbarger/ on LinkedIn</p><p><br></p><p>Lou Schmidt</p><p>@loudoggeek on X</p><p>https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn</p>","author_name":"John Barger"}