Microsoft Patches Exploited Exchange Server Vulnerability CVE-2026-42897

Microsoft patched CVE-2026-42897, a critical Exchange Server vulnerability that was actively exploited in the wild beginning May 14, 2026; the fix was released in the June 2026 Patch Tuesday (part of a release addressing 206 CVEs). Administrators are urged to apply the update immediately, review Exchange logs for IOCs, restrict external access where possible, verify patch installation, and consider migrating to Exchange Online to reduce future exposure.