Microsoft has confirmed an active zero-day exploit targeting its on-premises Exchange Server, identified as CVE-2026-42897. This vulnerability allows unauthenticated remote code execution and is being actively exploited in the wild, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Microsoft is recommending immediate mitigation through its Exchange Emergency Mitigation Service while a formal patch is pending. The exploit, demonstrated at the Pwn2Own Berlin hacking event, poses a significant risk to corporate identity and communications systems. AI
影响 This exploit targets enterprise communication infrastructure, potentially impacting business operations and data security, but does not directly involve AI capabilities.
排序理由 The cluster reports on a confirmed active zero-day exploit in a widely used enterprise product, with immediate security implications and vendor-recommended emergency mitigations. [lever_c_demoted from significant: ic=4 ai=0.4]
- DEVCORE Research Team
- Microsoft
- Microsoft Exchange
- Orange Tsai
- Pwn2Own
- Trend Micro Zero Day Initiative
- Windows 11
- CISA
- CVE-2026-42897
- Damon Small
- Pwn2Own Berlin
- Xcape, Inc.
- Exchange Emergency Mitigation Service
- Suzu Labs
- Jacob Krell
AI 生成摘要 · Google Gemini · 来自 4 个来源。 我们如何撰写摘要 →
