Microsoft Exchange Zero-Day Under Attack, No Patch Available

Microsoft disclosed a zero-day vulnerability (CVE-2026-42897) in Exchange Outlook Web Access (OWA) that is actively being exploited and stems from a cross-site scripting (XSS) flaw allowing attackers to compromise mailboxes and execute spoofing attacks. While no patch is yet available, Microsoft recommends enabling the Exchange Emergency Mitigation Service or applying an updated mitigation tool to reduce risk until a security update is released.

https://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top