
Microsoft warns of Exchange zero-day flaw exploited in attacks

Summary by BleepingComputer
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users.

12 Articles

A critical vulnerability currently threatens numerous local Exchange servers. Attackers can execute malicious code via crafted emails. A final patch is not yet available, which leaves IT managers facing difficult decisions.

Microsoft has confirmed active exploitation of the CVE-2026-42897 vulnerability in Exchange Server, placing administrators and security teams on alert. The flaw, classified as a zero-day, is already being used in real attacks even before a definitive patch is available. The problem affects local environments of Exchange Server and allows attacks involving Outlook Web Access (OWA) through a Cross-Site Scripting (XSS) vulnerability…

A vulnerability has been discovered in Microsoft Exchange Server. It allows an attacker to cause a remote indirect code injection (XSS) and a security policy bypass. Microsoft indicates that the vulnerability CVE-2026-42897 is actively exploited. See online: https://www.cert.ssi.gouv.fr/avis/C...


Bias Distribution

  • 100% of the sources are Center

BleepingComputer broke the news on Friday, May 15, 2026.