Tech Times

Exchange Server OWA Zero-Day CVE-2026-42897 Exploited With No Permanent Patch and New Mitigation Gaps

Microsoft confirmed on May 14 that CVE-2026-42897 — a cross-site scripting flaw in the Outlook Web Access component of Exchange Server 2016, 2019, and Subscription Edition — is under active ...
Redmond Magazine

Microsoft To Target Insecure Exchange Server E-Mail Connections

IT pros may face deadlines after some recent Exchange team announcements regarding Exchange Online. The to-do list for IT pros potentially includes the July 15, 2023 deprecation of the Remote ...
Morning Overview on MSN

Microsoft Exchange servers are under active attack through CVE-2026-42897 — a spoofing flaw triggered by opening a single crafted email in Outlook Web Access

A single email, opened in a browser, is all it takes. Microsoft Exchange servers running Outlook Web Access (OWA) are being ...

Do you use Microsoft Exchange? Hackers are actively exploiting a new zero-day flaw

Microsoft warns of a new zero-day vulnerability that leaves Exchange open to hackers.