NG Solution Team
Technology

Is a zero-day vulnerability in Microsoft Exchange under attack?

Microsoft has issued a warning about a zero-day security vulnerability in Exchange that is currently being exploited. Although no updated software is available yet, Microsoft advises administrators to quickly implement recommended countermeasures. The vulnerability involves insufficient input filtering during website generation, leading to a cross-site scripting issue that allows unauthenticated network attackers to execute spoofing attacks. This affects Outlook Web Access, where manipulated emails can trigger arbitrary JavaScript execution under certain conditions. Affected systems include Exchange Server 2016, 2019, and the Subscription Edition, regardless of update level. While no software updates are provided, the Exchange Emergency Mitigation Service offers an automatic fix. This service, active since September 2021, has already applied countermeasures where enabled. However, these measures may impact certain functionalities such as calendar printing and inline image display in OWA. Microsoft is working on a permanent solution, which will be available in future updates for specific Exchange versions, requiring Extended Security Updates subscriptions for some.

Related posts

Is Samsung’s 2026 TV lineup now available in the UK?

Emily Brown

Is the Satechi CubeDock the ultimate Thunderbolt 5 dock with SSD capabilities?

James Smith

Can You Now Resize iPhone Mirroring in Different Aspect Ratios on macOS 27?

David Jones

This website uses cookies to improve your experience. We assume you agree, but you can opt out if you wish. Accept More Info

Privacy & Cookies Policy