Active Exploitation Reported for Microsoft Exchange Server Spoofing Flaw

Microsoft warns that attackers are exploiting a critical cross-site scripting flaw in Exchange Server's Outlook Web Access to perform network-level spoofing attacks against on-premises systems.

CSBadmin

Vulnerability Overview

Microsoft has issued an urgent security advisory regarding a critical spoofing vulnerability in Exchange Server that is being actively exploited in real-world attacks. The flaw, which carries a high severity score, affects the Outlook Web Access component of on-premises Exchange deployments. Threat actors are leveraging the vulnerability to compromise organizational systems before a permanent security update is available.

The vulnerability stems from improper neutralization of input during web page generation, the classic cross-site scripting weakness. An unauthenticated attacker can exploit it by sending a specially crafted email to a user. If the recipient opens the message in Outlook Web Access and meets certain interaction conditions, arbitrary JavaScript executes in the recipient's browser, enabling network-level spoofing without any prior administrative privileges.

Affected Systems and Mitigations

The vulnerability affects multiple versions of Exchange Server, including Exchange Server 2016, Exchange Server 2019, and the Exchange Server Subscription Edition, across all update levels. The low attack complexity and network-based execution model make it an attractive tool for attackers aiming to hijack user sessions or manipulate browser data. Cloud-based Microsoft Exchange Online is not affected.

While a permanent security update is in development, Microsoft has deployed a temporary safeguard through the automated Exchange Emergency Mitigation Service. For organizations where this service is enabled, the mitigation identified as M2.1.x is applied automatically. Administrators operating disconnected or air-gapped networks must download and apply the mitigation manually.
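A defender-side check that the automatic safeguard described above is actually in place, added here as an example rather than code from the article or from Microsoft. It assumes an Exchange Management Shell session and the MitigationsEnabled, MitigationsApplied and MitigationsBlocked server properties that the Emergency Mitigation Service exposes; the M2.1 prefix is taken from the mitigation ID the article gives as M2.1.x.

```powershell
# Constructed example: report, per on-premises Exchange server, whether the
# Emergency Mitigation Service is enabled and whether an M2.1.* mitigation
# has been applied. Servers where it is disabled or missing need the manual
# mitigation (disconnected and air-gapped networks in particular).
$MitigationPrefix = "M2.1."   # assumption: matches the article's M2.1.x ID

Get-ExchangeServer | ForEach-Object {
    $applied = @($_.MitigationsApplied)
    $blocked = @($_.MitigationsBlocked)
    $hasM21  = ($applied | Where-Object { $_ -like "$MitigationPrefix*" }).Count -gt 0

    [PSCustomObject]@{
        Server             = $_.Name
        EEMSEnabled        = $_.MitigationsEnabled
        M21Applied         = $hasM21
        MitigationsApplied = ($applied -join ", ")
        MitigationsBlocked = ($blocked -join ", ")
        # Flag servers that need an administrator's attention.
        ActionNeeded       = (-not $_.MitigationsEnabled) -or (-not $hasM21)
    }
} | Format-Table -AutoSize
```

Any row with ActionNeeded set to True is a server that will not receive the automatic mitigation and should be handled manually until the permanent update ships.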

Source: Cyber Security News
