Plaintext with Rich

Microsoft Exchange Zero-Day Under Attack: One Email Hijacks OWA



It's Monday morning. You open the third email of the day. Nothing visible happens, but in the background, an attacker just borrowed the proof you were logged in.

Episode 28 of Plaintext with Rich is a hot take on CVE-2026-42897, the Microsoft Exchange Server zero-day under active exploitation right now. We break down what cross-site scripting actually does inside Outlook Web Access, why session hijacking is more dangerous than the underlying bug, and how a single crafted email becomes business email compromise. We look at the on-premises versus Exchange Online divide, why ProxyLogon and ProxyShell aren't ancient history yet, and what CISA's Known Exploited Vulnerabilities catalog listing and the May 29 federal deadline mean for everyone else. The episode closes with a Plaintext Starter Kit of four moves any on-prem Exchange team should make this week.

If you run on-prem Exchange, support someone who does, or you've been putting off the migration conversation, this one is for you.

Ten minutes. One topic. No panic.

Is there a topic/term you want me to discuss next? Text me!!

YouTube more your speed? → https://links.sith2.com/YouTube  
Apple Podcasts your usual stop? → https://links.sith2.com/Apple  
Neither of those? Spotify’s over here → https://links.sith2.com/Spotify  
Prefer reading quietly at your own pace? → https://links.sith2.com/Blog  
Join us in The Cyber Sanctuary (no robes required) → https://links.sith2.com/Discord  
Follow the human behind the microphone → https://links.sith2.com/linkedin  
Need another way to reach me? That’s here → https://linktr.ee/rich.greene


Plaintext with Rich, by Rich Greene