Microsoft Patches Exploited Exchange Server Vulnerability
CVE-2026-42897 was an actively exploited zero-day vulnerability in Exchange Server that Microsoft warned about in mid-May 2026 before a patch became available in June.
CTI status
As of:
Last pipeline run:
Source reliability
Information credibility
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
CVE-2026-42897 was an actively exploited zero-day vulnerability in Exchange Server that Microsoft warned about in mid-May 2026 before a patch became available in June.
Active exploitation by multiple threat actors observed in the field; unauthenticated remote VPN connections possible under specific configuration, with IOCs provided for incident response.
Chaotic Eclipse is actively exploiting a new BitLocker bypass in attack operations, indicating targeted attacks against organizations using Windows encryption.
Criminal charges against a Russian national underscore US law enforcement action against Void Blizzard and highlight ongoing activity by this Kremlin-linked group targeting Western entities.
The exploit leverages a vulnerability in Microsoft Defender's offline scan functionality to bypass BitLocker and spawn a SYSTEM shell, posing a critical threat to locally accessible Windows systems.
The BSI warning addresses multiple critical vulnerabilities in Ubiquiti UniFi OS without specific CVE identification, suggesting either incomplete disclosure or coordinated vulnerability management.
BSI warns of multiple OpenSSL vulnerabilities with high risk potential (RCE, DoS, information disclosure); an official German government warning signals active exploitation or imminent public exploit availability.
BSI warns of multiple vulnerabilities in 7-Zip with remote code execution potential when processing manipulated archives , relevant immediate threat to desktop end-users.
BSI advisory on multiple Chrome and Edge vulnerabilities without specific CVE identifiers; PoC/active exploitation not mentioned, but code execution via merely opening a malicious webpage indicates high risk.
Multiple OpenSSL security vulnerabilities were closed with focus on crafted signatures, indicating potential bypass scenarios in cryptographic validation mechanisms , a strategically relevant category of weaknesses.
BSI warns of multiple unspecified vulnerabilities in Chrome and Edge that can enable code execution, security bypass, and data theft , specific CVE numbers and PoC status are not provided.
BSI advisory on multiple critical vulnerabilities in Firefox/Thunderbird without specific CVE numbers in the title; details required for patch prioritization.
BSI advisory warns of an unspecified vulnerability in both browsers enabling potential code execution , update required, but CVE details are missing for prioritization.
BSI warns of multiple OpenSSL vulnerabilities; without specific CVE numbers, this is a generic advisory likely referencing a patch cycle or multiple known flaws.
BSI warning regarding multiple vulnerabilities in Microsoft developer tools without concrete CVE details or exploitation status , typical for aggregated security advisories.
The Gentlemen gang operates as a Russian-speaking RaaS affiliate with worm-like propagation capability, combining vulnerability exploitation with BYOVD techniques for enterprise network penetration.
The exploit requires local access and either prior initiation of Windows Defender Offline Scan or the attacker's ability to boot into Windows Recovery Environment (WinRE) without authentication; this is a newly disclosed technique with no confirmed active exploitation campaigns.
UNC6671 uses social engineering (vishing) combined with Adversary-in-the-Middle (AiTM) and Python/PowerShell to bypass MFA and systematically compromise Microsoft 365 and Okta; the announced shutdown signals possible rebranding rather than permanent cessation.
This is a known-issue fix for Windows Server 2025, not a security patch against external attacks; relevant to the CISO only if Windows Server 2025 migration is planned.
A legitimate PowerShell script in Siemens patch files is flagged as malware by multiple antivirus engines, potentially blocking deployments and delaying critical patches.