> TritonInfoSec News
Home / May 17, 2026 / Story
0
#1 BleepingComputer general May 15, 2026 at 09:40 UTC

Microsoft warns of Exchange zero-day flaw exploited in attacks

By Sergiu Gatlan

AI Summary

Microsoft disclosed CVE-2026-42897, a high-severity Exchange Server zero-day being actively exploited in the wild. The flaw enables arbitrary code execution via cross-site scripting (XSS) targeting Outlook on the web users, with Microsoft providing mitigations while a permanent patch is pending. Security teams running on-premises Exchange should apply the published mitigations immediately given active exploitation.

Read full article → https://www.bleepingcomputer.com/news/microsoft/mi…

Relevance score: 88.0/100

# More from May 17

  1. 2
    Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 SecurityWeek
  2. 3
    Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access The Hacker News
  3. 4
    Popular node-ipc npm package compromised to steal credentials BleepingComputer
  4. 5
    OpenAI Hit by TanStack Supply Chain Attack SecurityWeek
  5. 6
    Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own BleepingComputer
  6. 7
    Funnel Builder WordPress plugin bug exploited to steal credit cards BleepingComputer
  7. 8
    Avada Builder WordPress plugin flaws allow site credential theft BleepingComputer
  8. 9
    PoC Code Published for Critical NGINX Vulnerability SecurityWeek
  9. 10
    Microsoft backpedals: Edge to stop loading passwords into memory BleepingComputer