Microsoft Patches Exploited Exchange Server Vulnerability

Microsoft patched CVE-2026-42897, a high-severity Exchange Server spoofing vulnerability exploited in zero-day attacks. The flaw allows remote, unprivileged attackers to execute arbitrary JavaScript in cross-site scripting attacks targeting Outlook Web Access users. Affected versions include Exchange Server 2016, 2019, and Subscription Edition.