Exchange Server Vulnerability CVE-2026-42897

Hi All,

Yesterday Microsoft has released an Information about an Exchange Server Vulnerability.

• Addressing Exchange Server May 2026 vulnerability CVE-2026-42897
• CVE-2026-42897

I’ve already written about the Exchange Emergency Mitigation Service here

• Exchange Server October 2022 Security Updates released

Exchange Emergency Mitigation Service

Exchange Emergency Mitigation Service is enabled by default.

Get-OrganizationConfig | fl MitigationsEnabled

Check Mitigations - According to the Exchange Team Blog it’s Applied even the Desciption says: “Mitigation invalid for this exchange version.”

."C:\Program Files\Microsoft\Exchange Server\V15\scripts\Get-Mitigations.ps1"

Or you can change to the $ExScripts Directory and start the Script from there

cd $exscripts
.\Get-Mitigations.ps1

List Mitigations for a specific Server

Get-ExchangeServer -Identity ICESRV02 | Format-List Name,MitigationsApplied

Regards
Andres Bohren