Microsoft Exchange Zero-Day Under Attack, No Patch Available
Source: Darkreading
Published:
<p>CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.</p> <p>Microsoft on Thursday disclosed a zero-day vulnerability in Exchange that's under active exploitation, but four days later customers are still aw