Risk events that matter to specialty insurance
AI-powered event intelligence with automated detection, classification, and transparent review status
RiskEvents
MonitoringImpact: MediumAI Generated

Microsoft Exchange Server Zero-Day XSS Vulnerability Exploited in Active Attacks

Global — Microsoft Exchange Server deployments worldwide; Outlook on the web user baseFirst detected: 18 May 2026, 10:42Updated: 2d ago1 report
Cyber
PropertyCyberCasualty & Liability
No analyst brief has been published for this event.
No ground report has been published for this event.

Impact Assessment Rationale

MEDIUM: Admin recalibration. The event has a plausible London Market pathway, but the current evidence does not support HIGH: no confirmed market-moving insured loss, vessel total loss, major closure, quantified claims estimate, reinsurance trigger, or broad pricing/capacity response is evidenced.

View assessment methodology →

Loading map...

Summary

Microsoft has disclosed a high-severity zero-day vulnerability in Exchange Server that is actively being exploited in the wild. The flaw enables threat actors to execute arbitrary code through cross-site scripting (XSS) attacks targeting Outlook on the web users. Microsoft has issued mitigations while a full patch is pending. The global reach of Exchange Server deployments makes this a significant cyber risk event affecting organisations worldwide.

This summary is AI-generated from linked source reports and may change as more information becomes available. See our correction policy for how to report errors.

Structured Intelligence

known

  • Microsoft disclosed a high-severity zero-day vulnerability in Exchange Server on 15 May 2026
  • The vulnerability is being actively exploited in attacks
  • The attack vector is cross-site scripting (XSS) enabling arbitrary code execution
  • Outlook on the web users are the primary targets
  • Microsoft has released mitigations

reported

  • The vulnerability allows threat actors to execute arbitrary code via XSS
  • Attacks are ongoing at time of publication

uncertain

  • Identity and attribution of threat actors exploiting the vulnerability is unknown
  • Scale and number of organisations affected is not specified
  • Whether a full patch or timeline for patch release has been confirmed
  • Whether this is a state-sponsored operation or cybercriminal activity

Key Entities

MicrosoftMicrosoft Exchange ServerOutlook on the web
Event started: 15 May 2026

Sources

Trade Media

Timeline

Status Change29 May 2026, 05:30

Status changed to monitoring

Auto-transitioned: no updates for 6 hours

Status Change29 May 2026, 05:30

Lifecycle changed

active → monitoring

Status Change28 May 2026, 22:36

Status changed to active

remediation: existing authoritative signal

Status Change28 May 2026, 22:36

Lifecycle changed

signal → active

De-escalation25 May 2026, 21:18

Impact changed

high → medium

Initial Detection18 May 2026, 10:42

Initial Detection

Microsoft has disclosed a high-severity zero-day vulnerability in Exchange Server that is actively being exploited in the wild. The flaw enables threat actors to execute arbitrary code through cross-site scripting (XSS) attacks targeting Outlook on the web users. Microsoft has issued mitigations while a full patch is pending. The global reach of Exchange Server deployments makes this a significant cyber risk event affecting organisations worldwide.

Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users.

Source: BleepingComputer (Trade Media) · View source

← Back to Active Events