Exchange OWA XSS Vulnerability Exploited; Patch Availability Varies for Versions 2016 and 2019

A critical zero-day vulnerability in Exchange Outlook Web Access (OWA) is being actively exploited, and a patch has been released. However, security expert Steffen Zahn notes that the fix is only available for a fee for versions 2016 and 2019. This situation leaves users of these older versions potentially exposed. The article advises on the necessary steps to mitigate the risk. The exploit allows for Cross-Site Scripting (XSS) attacks via email. This situation underscores the importance of timely security updates and vendor support.

This security alert warns of an actively exploited Exchange OWA vulnerability, highlighting the risks associated with older software versions and paid patches.