Skip to content
The Nexus
DossierENTITY

Exchange Server

Coverage of Exchange Server in the Nexus archive.

Earliest in view: Apr 16 · 10:01 UTCMost recent: Jul 9 · 11:00 UTC
Co-mentioned in this coverage
Recent coverage
  • TECHNOLOGYJul 9 · 11:00 UTCBLEEPING COMPUTER
    Microsoft to retire the OWA Light client in Exchange Server

    Microsoft has announced plans to disable Outlook Web Access (OWA) Light, the lightweight version of the Outlook Web App email client, in a future Exchange Server update.

  • SECURITYJun 10 · 13:44 UTCBLEEPING COMPUTER
    Microsoft patches Exchange Server zero-day exploited in attacks

    Microsoft has patched a zero-day vulnerability in Exchange Server that allows threat actors to execute arbitrary JavaScript code through cross-site scripting (XSS) attacks targeting Outlook Web Access users. The vulnerability is actively exploited, prompting the release of a security update.

  • SECURITYMay 15 · 11:51 UTCTHE REGISTER
    Exploited Exchange Server flaw turns OWA inboxes into script launchpads

    Microsoft confirmed a vulnerability in on-premises Exchange Server that could result in script execution in victims' browsers, affecting Outlook Web Access and tracked as CVE-2026-42897. The flaw can be triggered by a specially crafted email and has a CVSS score of 8.1. A mitigation has been released via the Exchange Emergency Mitigation Service.

  • SECURITYMay 15 · 09:40 UTCBLEEPING COMPUTER
    Microsoft warns of Exchange zero-day flaw exploited in attacks

    Microsoft has warned of a high-severity Exchange Server vulnerability that is being exploited in attacks, allowing threat actors to execute arbitrary code via cross-site scripting. The vulnerability targets Outlook on the web users. Microsoft has shared mitigations for the flaw.

  • SECURITYMay 15 · 06:19 UTCTHE HACKER NEWS
    On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

    Microsoft disclosed a security vulnerability in on-premise Exchange Server versions, tracked as CVE-2026-42897, which has been exploited in the wild. The bug is described as a spoofing issue stemming from a cross-site scripting flaw. An anonymous researcher discovered and reported the issue.

  • TECHNOLOGYApr 16 · 10:01 UTCTHE REGISTER
    Microsoft announces product it doesn't want you to buy: Extended security updates for old Exchange, and Skype for Biz

    Microsoft will provide extended security updates for older versions of Exchange Server and Skype for Business Server, acknowledging that some customers are not yet ready to migrate to newer products. The company encourages migration but offers financial support for those who cannot upgrade immediately.