Microsoft has released a patch for a high-severity zero-day vulnerability in Exchange Server that allows remote attackers to execute arbitrary JavaScript code via cross-site scripting attacks targeting Outlook Web Access users. Administrators are urged to apply the updates promptly to protect their systems from potential exploitation.
Microsoft has patched a critical zero-day vulnerability in Exchange Server that allows remote attackers to execute arbitrary JavaScript code through cross-site scripting attacks. As a cybersecurity professional, you should prioritize deploying the June 2026 Security Updates for Exchange Server immediately and maintain the existing mitigations for continued protection. Additionally, given the historical exploitation of Exchange vulnerabilities by ransomware gangs, consider enhancing your threat detection and incident response strategies around these systems.