Important Security Advisory – Microsoft Exchange Vulnerability (CVE-2026-42897)

Dear Customer,

Microsoft recently identified a new Microsoft Exchange Server vulnerability: CVE-2026-42897 (announced on May 14, 2026).

At present, Microsoft has not yet released a permanent security update for this vulnerability. However, Microsoft has automatically deployed a temporary mitigation through the Emergency Mitigation (EEM) service to help reduce the associated risk on affected Exchange servers.

Please note that the temporary mitigation may introduce some known side effects, including:

• OWA “Print Calendar” functionality may not work correctly.
• Inline images may not display properly in OWA reading pane.
• OWA Light mode may not function as expected.
• Monitoring systems may report health alerts.
• Some servers may display “Mitigation invalid for this exchange version” despite mitigation being successfully applied.

These are currently known behaviors acknowledged by Microsoft as part of the temporary mitigation process.

Where applicable, Microsoft recommends using the Outlook Desktop application as an alternative workaround for affected OWA functionalities.

For more details, please refer to Microsoft’s official advisory: Microsoft Exchange Security Advisory – CVE-2026-42897

Rest assured that our Exchange and Infrastructure teams are actively monitoring the situation, and the official Microsoft security update will be applied to managed environments as soon as it becomes available.

Thank you for your understanding.