Exchange Server – TheCyberThrone

CVE-2026-42897 — Microsoft Exchange Server OWA XSS Vulnerability

Overview Microsoft has confirmed active exploitation of CVE-2026-42897, a Cross-Site Scripting vulnerability in Microsoft Exchange Server carrying a CVSS score of 8.1.The flaw stems from improper neutralization of input during…

PravinKarthik May 15, 2026

Microsoft Exchange Server Vulnerability Actively Exploited – CVE-2024-21410

Microsoft has raised the alarm on a critical security vulnerability within the Exchange Server that is tracked as CVE-2024-21410, CVSS 9.8 that has already been exploited in the wild before this…

PravinKarthik February 16, 2024

Microsoft Adviced to Patch On-Prem Exchange Servers

Microsoft has urged administrators of on-premises exchange servers to keep them patched and updated, warning that attackers are not going to go away. Microsoft advised that customers install the latest…

PravinKarthik January 28, 2023

Play Ransomware Exploits Exchange Server Flaw

Play ransomware group is using a new exploit in Microsoft Exchange to breach servers. The exploit chain bypasses ProxyNotShell URL rewrite mitigations to gain RCE on vulnerable servers. Threat actors…

PravinKarthik December 21, 2022

Microsoft Mitigation for Exchange Server ZeroDay can be bypassed

Researchers warn on the mitigation proposed by Microsoft for the new Exchange Server zero-day vulnerabilities named ProxyNotShell can be easily bypassed. Researcher Kevin Beaumont named the vulnerabilities ProxyNotShell due to similarities to…

PravinKarthik October 5, 2022

Session Manager Backdooring Microsoft Exchange server

Attackers using a new SessionManager backdoor, which can be used to gain persistent, undetected access to emails and even take over the target organization's infrastructure. Researchers reported the emergence of…

PravinKarthik July 1, 2022