Microsoft warns Exchange Server flaw is being exploited before patch release

Microsoft has warned administrators that attackers are actively exploiting a newly disclosed Microsoft Exchange Server vulnerability before a permanent security update is available. The flaw is tracked as CVE-2026-42897 and affects on-premises Exchange Server environments through Outlook Web Access. Microsoft classifies the issue as a high-severity spoofing vulnerability tied to cross-site scripting. An attacker can […] The post Microsoft warns Exchange Server flaw is being exploited before patch release appeared first on VPN Central.