Microsoft Exchange

Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild

email security, Exchange, exploited, Microsoft Exchange, Vulnerabilities, Zero-Day /

Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild 2026-05-15 at 15:32 By Eduard Kovacs Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions. The post Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt […]

Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild Read More »

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, vulnerability /

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) 2026-05-15 at 14:32 By Zeljka Zorz A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) Read More »

Microsoft adds high-volume email sending to Exchange Online

Microsoft, Microsoft Exchange, News /

Microsoft adds high-volume email sending to Exchange Online 2026-04-02 at 07:58 By Anamarija Pogorelec Organizations that rely on Exchange Online for internal communications have long needed a way to send large volumes of automated messages, such as payroll notifications, IT alerts, and security advisories, without running into the sending limits designed for person-to-person email. Microsoft

Microsoft adds high-volume email sending to Exchange Online Read More »

CISA and partners take action as Microsoft Exchange security risks mount

CISA, Don't miss, email security, guidelines, Hot stuff, Microsoft Exchange, News, NSA, tips /

CISA and partners take action as Microsoft Exchange security risks mount 2025-10-31 at 19:32 By Zeljka Zorz In partnership with international cybersecurity agencies, the US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) outlined security best practices for organizations that use on-premises versions of Microsoft Exchange Server. Microsoft Exchange servers are

CISA and partners take action as Microsoft Exchange security risks mount Read More »

Microsoft patches three zero-days actively exploited by attackers

0patch, Don't miss, drivers, Hot stuff, Immersive, Microsoft, Microsoft Exchange, MS Office, News, Patch Tuesday, Tenable, Trend Micro, Windows /

Microsoft patches three zero-days actively exploited by attackers 2025-10-15 at 13:18 By Zeljka Zorz On October 2025 Patch Tuesday, Microsoft released fixes for 175+ vulnerabilities, including three zero-days under active attack: CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827. The actively exploited vulnerabilities are an unusual mix CVE-2025-24990 is in the third-party driver (ltmdm64.sys) for the software-based Agere Modem,

Microsoft patches three zero-days actively exploited by attackers Read More »

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)

CISA, cloud security, Don't miss, Email, enterprise, Hot stuff, hybrid IT, Microsoft Exchange, News /

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) 2025-08-07 at 17:40 By Zeljka Zorz “In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace,” Microsoft has announced on Wednesday.

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) Read More »

Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment

hybrid, Microsoft Exchange, Vulnerabilities, vulnerability /

Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment 2025-08-07 at 14:23 By Eduard Kovacs CISA and Microsoft have issued advisories for CVE-2025-53786, a high-severity flaw allowing privilege escalation in cloud environments.  The post Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment Read More »

Researchers unearth keyloggers on Outlook login pages

credentials, data theft, Don't miss, Government, Hot stuff, Microsoft Exchange, News, Outlook, Positive Technologies /

Researchers unearth keyloggers on Outlook login pages 2025-06-17 at 18:37 By Zeljka Zorz Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and have injected the organizations’ Outlook on the Web (OWA) login page with browser-based keyloggers, Positive Technologies researchers have warned. The keylogging JavaScript code (Source:

Researchers unearth keyloggers on Outlook login pages Read More »

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns

BSI, Don't miss, enterprise, Germany, Hot stuff, Microsoft Exchange, News, Shadowserver, vulnerability /

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns 2024-03-26 at 15:31 By Zeljka Zorz Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns Read More »

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

Automox, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows /

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V 2024-03-12 at 22:11 By Zeljka Zorz On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but – welcome news! – none of them are currently publicly known or actively exploited. Last month, though, several days after Patch Tuesday, the

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V Read More »

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

0-day, APT, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, MS Office, News, Tenable, Trend Micro, vulnerability /

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) 2024-02-13 at 22:01 By Zeljka Zorz On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) Read More »

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)

APT, cyber espionage, Don't miss, Email, EU, Hot stuff, Microsoft, Microsoft Exchange, News, Outlook, vulnerability /

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) 05/12/2023 at 17:47 By Helga Labus Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) Read More »

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763)

DDoS, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, Patch Tuesday, security update, Trend Micro, Windows /

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) 10/10/2023 at 22:01 By Zeljka Zorz On this October 2023 Patch Tuesday, Microsoft has released 103 patches and has fixed three actively exploited vulnerabilities (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487). The exploited zero-days (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487) CVE-2023-36563, discovered by Microsoft Threat Intelligence, is a WordPad vulnerability that could

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) Read More »

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)

Adobe, Automox, CVE, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, patch, Patch Tuesday, security update, Tenable, Trend Micro /

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) 12/09/2023 at 22:01 By Zeljka Zorz September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities of note Microsoft has delivered fixes for 61 CVE-numbered flaws:

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) Read More »

August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ

Automox, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, Microsoft Teams, MS Office, News, Patch Tuesday, security update, Trend Micro /

August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ 08/08/2023 at 22:46 By Zeljka Zorz August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180) for which proof-of-exploit code exists. Other than the fact that a

August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ Read More »

Product showcase: Stellar Toolkit for Exchange – Restore Exchange Database

disaster recovery, Don't miss, Exchange, Hot stuff, Microsoft, Microsoft 365, Microsoft Exchange, News, Product showcase, software, Stellar /

Product showcase: Stellar Toolkit for Exchange – Restore Exchange Database 26/07/2023 at 07:02 By Help Net Security Time is of the essence when it comes to recovery after Exchange Server failure or database corruption, as organizations depend on emails for their day-to-day business communication. The more the delay in restoring services and recovering data, the

Product showcase: Stellar Toolkit for Exchange – Restore Exchange Database Read More »

June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange

Automox, Don't miss, Hot stuff, Microsoft Exchange, News, Patch Tuesday, security update, SharePoint, Tenable, Trend Micro, Windows /

June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange 13/06/2023 at 21:48 By Zeljka Zorz For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today! Microsoft has previously fixed CVE-2023-3079, a type confusion

June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange Read More »

Scroll to Top