Tag: cve 2026 42897
4 articles

Microsoft Fixes Zero-Day Flaw in Exchange Server Exploited in Attacks
Microsoft has patched a high-severity flaw in Exchange Server, known as CVE-2026-42897, which allowed hackers to execute malicious JavaScript in victims' browsers simply by sending a specially crafted email. This zero-day vulnerability was actively exploited in attacks, putting Outlook Web Access users at risk.

Microsoft Exchange Servers Targeted in Active Exploitation
Microsoft has sounded the alarm on a critical vulnerability in on-premise Exchange Servers, known as CVE-2026-42897, that's currently being exploited by hackers - and the company is urging affected users to act fast. A temporary fix is in place, with a permanent patch on the way.

Microsoft Warns of Severe Zero-Day Flaw in On-Prem Exchange Servers
Microsoft just sounded the alarm on a severe zero-day flaw in on-prem Exchange servers, warning that a high-severity vulnerability could let attackers send malicious code to victims via specially crafted emails. This flaw, tracked as CVE-2026-42897, has already been automatically mitigated if the EM Service is enabled, which it is by default.

Microsoft Exchange Servers Targeted by Active CVE-2026-42897 Exploit
Microsoft warns of a high-severity vulnerability, CVE-2026-42897, in its Exchange Servers, allowing attackers to spoof network communications via a cleverly crafted email. This cross-site scripting flaw has been actively exploited, earning a concerning CVSS score of 8.1.