The company said that the vulnerability stems from a flaw in how Outlook Web Access processes web pages, which lets attackers execute malicious code inside a user's session through the Outlook Web Access interface, potentially allowing them to hijack the session or run commands in the user's environment.
Microsoft explained that the affected versions are “Exchange Server 2016,” “Exchange Server 2019,” and “Exchange Server Subscription Edition,” while confirming that the “Exchange Online” cloud service is not affected by the vulnerability.
The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed that the vulnerability has been added to its Known Exploited Vulnerabilities catalog, indicating that real attacks against vulnerable systems are already underway.
According to security reports, the vulnerability can be exploited by sending a malicious email message; when the message is opened through the web interface, malicious code executes, which may open the door to broader intrusions into organizations' internal networks.
Microsoft called on organizations to enable the “Exchange Emergency Mitigation Service” immediately, and in addition to run the “Exchange Health Checker” tool to verify that the protective measures have been applied correctly, warning that disabling these services may leave systems exposed to direct compromise.
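To verify the first of the two steps Microsoft recommends, the following added PowerShell check (not part of the article and not a Microsoft tool) runs in the Exchange Management Shell and reports, per on-premises server, whether the Emergency Mitigation Service is enabled at both the organization and server level and whether its Windows service is running. The cmdlet and property names are Microsoft's; the function name and output layout are my own.

```powershell
# Added example: audit Exchange Emergency Mitigation Service (EEMS) status.
# Run from the Exchange Management Shell on Exchange 2016/2019/Subscription Edition.
# Cmdlets and properties (Get-OrganizationConfig, Get-ExchangeServer, MitigationsEnabled)
# are Microsoft's; the function and the result object are constructed for this example.
function Test-EemsStatus {
    [CmdletBinding()]
    param()

    # Organization-wide switch: when $false, EEMS is off on every server
    # regardless of the per-server setting.
    $orgEnabled = (Get-OrganizationConfig).MitigationsEnabled

    $results = foreach ($srv in Get-ExchangeServer) {
        # Edge Transport servers do not run EEMS, so they are skipped.
        if ($srv.IsEdgeServer) { continue }

        # Per-server switch; both the org and the server flag must be $true.
        $serverEnabled = $srv.MitigationsEnabled

        # The Windows service that applies the mitigations is "MSExchangeMitigation".
        $svc = Get-Service -ComputerName $srv.Name -Name MSExchangeMitigation `
                           -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Server        = $srv.Name
            OrgEnabled    = $orgEnabled
            ServerEnabled = $serverEnabled
            ServiceStatus = if ($svc) { $svc.Status.ToString() } else { 'NotFound' }
            # Protected only when every layer agrees.
            Protected     = [bool]($orgEnabled -and $serverEnabled -and
                                   $svc -and $svc.Status -eq 'Running')
        }
    }
    return $results
}

# Any row with Protected = $false needs attention before relying on EEMS.
# The second recommended step, Microsoft's Health Checker script
# (https://aka.ms/ExchangeHealthChecker), is run separately as .\HealthChecker.ps1.
Test-EemsStatus | Format-Table -AutoSize
```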
Cybersecurity experts also recommended moving to cloud solutions such as “Exchange Online,” or isolating on-premises servers behind additional protective layers built on the “zero trust” principle, to reduce the risk of cyberattacks.
This vulnerability is considered one of the most dangerous current “zero-day” threats targeting enterprise email systems, and its exploitation in active cyberattacks has been confirmed.