Archive: https://archive.today/EhoX4 From the post: >>Microsoft is warning of a zero-day security vulnerability in Exchange that is already being attacked in the wild. Updated software is not yet available. However, Microsoft is offering countermeasures that admins should implement as quickly as possible. In the vulnerability description, Microsoft explains that it involves insufficient input filtering during website generation, a cross-site scripting vulnerability. This allows unauthenticated attackers from the network to execute spoofing attacks (CVE-2026-42897, CVSS 8.1, Risk "high"). However, Microsoft classifies the severity as "critical". A blog post by Microsoft's Exchange team explains this and the countermeasures in more detail.