Microsoft has released the June 2026 security updates for Exchange Server, addressing a high-severity OWA XSS vulnerability, CVE-2026-42897, among others.

not applicable

Who

Microsoft

What

When

Mon, 15 Jun 2026 15:24:28 GMT · 2h 54m ago

Where

not applicable ·

Why

The updates fix vulnerability CVE-2026-42897, caused by improper handling of user input in Outlook Web Access (OWA), which could allow remote attackers to execute malicious JavaScript through specially crafted emails.

The Frontline Impact

How this affects you

This critical update prevents potential impersonation, data theft, or unauthorized mailbox access for users of affected Exchange Server versions. Organizations not applying the update may face security risks and lose access to new mitigations after July 2026.

Story chain

1 event in this thread

No related history yet - this is the origin event.

Verified Sources & Citations

Petri IT Knowledgebase
https://petri.com/microsoft-exchange-server-updates-fix-owa-xss-flaw/
HIGH

Credibility ratings reflect the AI ingestion pipeline's assessment of source provenance.