ATLAS · LIVE
ATLAS INDEX
Δ 24H
ACTIVE SOURCES20
HOTSPOTS20
TIME20:40:48 UTC
← All briefs
HIGHCyber IntelligenceSaturday, May 16, 2026

Microsoft Exchange zero-day exploited in active attacks

High-severity vulnerability enables arbitrary code execution through cross-site scripting targeting Outlook on the web users. Mitigations released Thursday.

Microsoft disclosed a high-severity Exchange Server vulnerability actively exploited in the wild. The flaw permits threat actors to execute arbitrary code via cross-site scripting when targeting users of Outlook on the web.

The company released mitigations Thursday but has not yet issued a patch. The vulnerability's exploitation in live attacks elevates urgency for organizations running Exchange Server environments. Cross-site scripting attacks typically allow adversaries to inject malicious scripts into web applications, compromising user sessions and data.

Microsoft's advisory provides interim protections while a full security update remains in development. Organizations dependent on Exchange Server for email infrastructure face immediate exposure until patches deploy.

The rest of this brief is inside the platform

Continue reading. Free.

A free Atlas account unlocks the full briefing, the co-analyst, daily delivery to your inbox, and a sector-personalised feed.

Full brief
Implications, sources, methodology
Co-Analyst
Ask follow-ups on every brief
Sector feed
Briefs filtered to what matters to you
Implications
  • 01Exchange Server administrators must apply Microsoft's interim mitigations immediately to reduce attack surface.
  • 02Organizations using Outlook on the web face elevated risk of session compromise and data exfiltration.
  • 03Threat intelligence teams should monitor for exploitation indicators and adjust detection rules accordingly.
Source
BleepingComputer
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attacks/
Brief is editorial commentary by Atlas Intelligence based on the cited public reporting. Atlas does not reproduce source text. Verify primary source before action.
#microsoft exchange#zero-day#cross-site scripting#outlook#vulnerability#active exploitation
Related Briefs