Exchange Server
Coverage of Exchange Server in the Nexus archive.
- Microsoft to retire the OWA Light client in Exchange Server
Microsoft has announced plans to disable Outlook Web Access (OWA) Light, the lightweight version of the Outlook Web App email client, in a future Exchange Server update.
- Microsoft patches Exchange Server zero-day exploited in attacks
Microsoft has patched a zero-day vulnerability in Exchange Server that allows threat actors to execute arbitrary JavaScript code through cross-site scripting (XSS) attacks targeting Outlook Web Access users. The vulnerability is actively exploited, prompting the release of a security update.
- Exploited Exchange Server flaw turns OWA inboxes into script launchpads
Microsoft confirmed a vulnerability in on-premises Exchange Server that could result in script execution in victims' browsers, affecting Outlook Web Access and tracked as CVE-2026-42897. The flaw can be triggered by a specially crafted email and has a CVSS score of 8.1. A mitigation has been released via the Exchange Emergency Mitigation Service.
- Microsoft warns of Exchange zero-day flaw exploited in attacks
Microsoft has warned of a high-severity Exchange Server vulnerability that is being exploited in attacks, allowing threat actors to execute arbitrary code via cross-site scripting. The vulnerability targets Outlook on the web users. Microsoft has shared mitigations for the flaw.
- On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft disclosed a security vulnerability in on-premise Exchange Server versions, tracked as CVE-2026-42897, which has been exploited in the wild. The bug is described as a spoofing issue stemming from a cross-site scripting flaw. An anonymous researcher discovered and reported the issue.
- Microsoft announces product it doesn't want you to buy: Extended security updates for old Exchange, and Skype for Biz
Microsoft will provide extended security updates for older versions of Exchange Server and Skype for Business Server, acknowledging that some customers are not yet ready to migrate to newer products. The company encourages migration but offers financial support for those who cannot upgrade immediately.