PulseAugur
LIVE 19:06:18
tool · [2 sources] ·
1
tool

Microsoft Exchange hit by multiple zero-day exploits

By PulseAugur Editorial · Summary by gemini-2.5-flash-lite from 2 sources

Microsoft Exchange Server is facing multiple zero-day exploits, with one vulnerability (CVE-2026-42897) confirmed by CISA and actively exploited. This spoofing vulnerability allows attackers to execute JavaScript by sending a crafted email, potentially leading to remote code execution. A separate, more severe exploit demonstrated at Pwn2Own Berlin chained three vulnerabilities to achieve SYSTEM-level remote code execution, earning a $200,000 bounty for responsible disclosure. AI

Summary written by gemini-2.5-flash-lite from 2 sources. How we write summaries →

IMPACT N/A

RANK_REASON Demonstration of multiple zero-day exploits against Microsoft Exchange Server at the Pwn2Own Berlin hacking event. [lever_c_demoted from research: ic=2 ai=0.1]

Read on Forbes — Innovation →

Microsoft Exchange hit by multiple zero-day exploits

COVERAGE [2]

  1. Forbes — Innovation TIER_1 · Davey Winder, Senior Contributor ·

    Microsoft Exchange Active 0-Day Exploit—Enable Emergency Mitigation Now

    Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.

  2. Forbes — Innovation TIER_1 · Davey Winder, Senior Contributor ·

    Microsoft Exchange Zero-Day Hack Confirmed—3 Vulnerabilities Exploited

    Microsoft Exchange has now joined Windows 11 as Pwn2Own zero-day hackers continue to successfully attack the tech giant’s products.

RELATED ENTITIES

RELATED TOPICS