CISA Flags Active Exploitation of Cross-Site Scripting Flaw in Exchange Server

Organizations running on-premises Exchange Server are urged to patch an XSS flaw in Outlook Web Access that CISA confirms is under active attack.

CSBadmin

Vulnerability Details and Attack Vector

CISA has issued an urgent alert regarding a newly disclosed security flaw in Microsoft Exchange Server that is already being actively exploited in the wild. The vulnerability is a cross-site scripting (XSS) issue affecting Outlook Web Access (OWA). It arises from improper handling of web page generation: untrusted input reaches the generated page without adequate encoding, allowing an attacker to inject and execute arbitrary JavaScript within a victim's browser session, provided the victim interacts with attacker-controlled content (for example, by following a crafted link).

Because Exchange Server is a cornerstone of enterprise email infrastructure, such XSS flaws pose significant risks. An attacker can craft a malicious link that, when clicked by an authenticated user, executes harmful scripts within that user's active session. This can lead to credential theft, unauthorized mailbox access, and lateral movement within the target network.
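The defect class described above, "improper handling of web page generation", is easiest to see in a minimal server-side renderer. The following is an added example, not code from the article or from Microsoft's OWA: it places a vulnerable renderer that copies a query parameter into HTML verbatim beside a hardened one that encodes the value for its HTML context and adds a Content Security Policy as defence in depth. The page template, the `name` parameter, and the sample URL are all invented for illustration.

```python
"""Added example (not from the article or OWA): the generic defect behind a
reflected XSS in server-side page generation, and the corresponding fix."""
import html
from urllib.parse import parse_qs, urlsplit

# Hypothetical page template; the {name} slot is an HTML text node.
TEMPLATE = "<html><body><h1>Welcome, {name}</h1></body></html>"


def name_from_url(url: str) -> str:
    """Extract the (assumed) 'name' query parameter from a request URL."""
    query = parse_qs(urlsplit(url).query)
    return query.get("name", [""])[0]


def render_vulnerable(name: str) -> str:
    # Defect: untrusted input is interpolated into the HTML unchanged, so a
    # crafted link makes the page carry whatever markup the link supplies.
    return TEMPLATE.format(name=name)


def render_hardened(name: str) -> str:
    # Fix: encode for the HTML text-node context before interpolation.
    # quote=True also neutralises ' and " in case the value is later placed
    # inside an attribute.
    return TEMPLATE.format(name=html.escape(name, quote=True))


def build_response(body: str) -> dict:
    # Defence in depth: a CSP that forbids inline script limits the impact of
    # any encoding bug that slips through. Header values are assumptions to
    # tune for the application's real script sources.
    return {
        "headers": {
            "Content-Type": "text/html; charset=utf-8",
            "Content-Security-Policy": "default-src 'self'; script-src 'self'",
            "X-Content-Type-Options": "nosniff",
        },
        "body": body,
    }


def injected_tag_count(body: str) -> int:
    """Number of '<' characters in the rendered page beyond those the
    template itself supplies; anything above zero is injected markup."""
    return body.count("<") - TEMPLATE.count("<")


if __name__ == "__main__":
    # Constructed request carrying a benign script canary in the parameter.
    crafted = "https://mail.example.test/page?name=%3Cscript%3Ealert(1)%3C/script%3E"
    value = name_from_url(crafted)
    print("vulnerable page injected tags:", injected_tag_count(render_vulnerable(value)))
    print("hardened page injected tags:  ", injected_tag_count(render_hardened(value)))
    print(build_response(render_hardened(value))["body"])
```

The measurable difference is the tag count: the vulnerable renderer emits the two injected tags, the hardened one emits none because the angle brackets leave as `&lt;` and `&gt;`. Output encoding must match the context the value lands in; a value placed inside a JavaScript block or a URL attribute needs a different encoder than the HTML text-node case shown here.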

Impact and Required Remediation

The flaw was added to CISA's Known Exploited Vulnerabilities (KEV) catalog, confirming that threat actors are actively exploiting it. Federal civilian agencies subject to Binding Operational Directive (BOD) 22-01 must apply patches or other mitigations by a specified deadline. While Microsoft has not linked this particular exploit to ransomware campaigns, Exchange servers have historically been high-value targets for attackers seeking sensitive communications and authentication data.

CISA urges all organizations running Microsoft Exchange Server to apply the vendor-provided security updates immediately. If patching is not yet feasible, administrators should implement Microsoft's recommended workarounds or temporarily disconnect affected systems. Security teams are also advised to audit Exchange logs for suspicious activity, such as unusual authentication patterns, to detect potential compromise.
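The log audit recommended above can be started with a small sweep over the IIS W3C logs that the OWA front end writes. The following is an added example, not a tool from CISA, Microsoft or the article: it parses a constructed log excerpt, flags OWA requests whose query string decodes to HTML or script markers, and flags client addresses that authenticate as an unusually large number of distinct users. The log lines, usernames, IP addresses and the threshold of four users per address are all invented and should be tuned to the environment.

```python
"""Added example (not from the article): a first-pass audit of IIS W3C logs
from an OWA front end for request and authentication anomalies."""
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in IIS W3C extended format; every value is invented.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(User-Agent) sc-status
2024-01-10 08:01:12 10.0.0.5 GET /owa/ - CONTOSO\\alice 192.0.2.10 Mozilla/5.0 200
2024-01-10 08:01:15 10.0.0.5 GET /owa/ - CONTOSO\\bob 192.0.2.11 Mozilla/5.0 200
2024-01-10 08:02:40 10.0.0.5 GET /owa/auth/logon.aspx url=%3Cscript%3Ealert(1)%3C/script%3E - 198.51.100.7 curl/8.0 200
2024-01-10 08:03:01 10.0.0.5 GET /owa/ - CONTOSO\\carol 198.51.100.7 Mozilla/5.0 200
2024-01-10 08:03:05 10.0.0.5 GET /owa/ - CONTOSO\\dave 198.51.100.7 Mozilla/5.0 200
2024-01-10 08:03:09 10.0.0.5 GET /owa/ - CONTOSO\\erin 198.51.100.7 Mozilla/5.0 200
2024-01-10 08:03:13 10.0.0.5 GET /owa/ - CONTOSO\\frank 198.51.100.7 Mozilla/5.0 200
"""

# Markers of HTML or script content in a decoded query string: an opening
# or closing tag, a javascript: URL, or an on*= event-handler attribute.
MARKUP = re.compile(r"<\s*/?\s*[a-z]|javascript:|\bon[a-z]+\s*=", re.I)

# Assumed threshold: distinct authenticated users per client address.
DISTINCT_USERS_PER_IP = 4


def parse_w3c(text: str):
    """Yield one dict per record, keyed by the names in the #Fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if fields and len(values) == len(fields):
            yield dict(zip(fields, values))


def find_markup_in_query(records):
    """OWA requests whose URL-decoded query string carries markup markers."""
    hits = []
    for r in records:
        decoded = unquote(r["cs-uri-query"])
        if r["cs-uri-stem"].lower().startswith("/owa") and MARKUP.search(decoded):
            hits.append((r["c-ip"], r["cs-uri-stem"], decoded))
    return hits


def find_many_users_per_ip(records, threshold=DISTINCT_USERS_PER_IP):
    """Client addresses seen authenticating as at least `threshold` users."""
    users = defaultdict(set)
    for r in records:
        if r["cs-username"] != "-":
            users[r["c-ip"]].add(r["cs-username"])
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= threshold}


def audit(text: str) -> dict:
    records = list(parse_w3c(text))
    return {
        "markup_in_query": find_markup_in_query(records),
        "many_users_per_ip": find_many_users_per_ip(records),
    }


if __name__ == "__main__":
    for kind, findings in audit(SAMPLE_LOG).items():
        print(kind)
        for item in (findings.items() if isinstance(findings, dict) else findings):
            print("  ", item)
```

Both checks are deliberately coarse: the markup test will fire on legitimate parameters that happen to contain angle brackets, and the per-address user count will fire on shared egress proxies, so each finding is a lead to correlate with authentication and mailbox-access events rather than a verdict. Decoding the query string before matching matters because the markers in a crafted link are normally percent-encoded in the raw log.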

Source: Cyber Security News
