Originally published at: Microsoft patches actively exploited Exchange Server zero-day (CVE-2026-42897) - ToolsLib Blog
Microsoft patched an actively exploited Exchange Server zero-day (CVE-2026-42897) that enables XSS against Outlook Web Access users. Admins should install June 2026 updates promptly and keep EEMS mitigations enabled.