Microsoft warned Exchange Server customers about critical OWA vulnerability CVE-2026-42897 affecting on-premises deployments.

Microsoft this week announced it will be bringing its Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering organizations critical protection as they approach ...

Organizations running Exchange Server 2019 won't be getting an H2 cumulative update (CU) this year, a Microsoft announcement this month explained. Microsoft is planning to defer the release of the ...

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while ...

The mainstream support for Microsoft Exchange Server 2019 officially ends as of today, January 9. However, it will continue to get updates via Extended support until October 14, 2025. The ...

Microsoft confirmed on May 14 that CVE-2026-42897 — a cross-site scripting flaw in the Outlook Web Access component of Exchange Server 2016, 2019, and Subscription Edition — is under active ...

Microsoft warns of a new zero-day vulnerability that leaves Exchange open to hackers.

Microsoft on Thursday disclosed a zero-day vulnerability in Exchange that's under active exploitation, but four days later customers are still awaiting a patch. The zero-day, tracked as CVE-2026-42897 ...

Enterprises must soon have subscription licenses for all on prem users and servers. The shift comes with a significant price increase. If you’re an enterprise still hosting on-premises Exchange 2016 ...

While the planned phase-out of Microsoft Exchange 2016 and Exchange 2019 is many months away, evaluate your organization’s needs now to avoid hassles down the road. October 2025 is going to be a big ...

Microsoft has reminded admins that Exchange 2016 and Exchange 2019 will reach the end of extended support in October and shared guidance for those who need to decommission outdated servers. Exchange ...

According to Check Point Research (CPR), threat actors are actively exploiting four zero-day vulnerabilities tackled with emergency fixes issued by Microsoft on March 2-- and attack attempts continue ...