Microsoft mitigation may bork inline images, calendar printing while admins wait for a proper patch Microsoft has confirmed a vulnerability in on premises Exchange Server that could result in surprise script execution in victims browsers. Tracked as CVE 2026 42897 , the flaw affects Outlook Web Access OWA and can be triggered by a specially crafted email opened in OWA, assuming certain interaction conditions are met .The prize for attackers is arbitrary JavaScript execution in the mark browser...
