Tag

#on-premises

2 posts tagged #on-premises.

Analysis · May 18, 2026 · Colten Anderson

Microsoft titled it Spoofing. It's session hijacking.

CVE-2026-42897 is the first real test of Exchange Server Subscription Edition's new servicing model. Four days in, the answer is a mitigation that breaks four OWA features and an SU with no ship date.
Analysis · May 5, 2026 · Colten Anderson

Exchange's deserialization problem didn't start in 2023. It still isn't fixed.

A ransomware group picked up a three-year-old Exchange RCE because scanning at scale still finds unpatched servers. The bug isn't the story. The patching economics are.