Exchange Server
The latest Exchange Server coverage — news, analysis, and updates from the WindowsNews.AI desk.
Exchange Server’s July Patches Fix Critical Flaws, but Don’t Remove the Old Mitigation Until July 16
On July 14, Microsoft released a set of security updates for Exchange Server that patch four newly disclosed vulnerabilities—including a remote code execution flaw—and deliver a permanent fix for...
CVE-2026-55006: Patch Now to Stop Low-Privileged Users from Hijacking Your Exchange Server
Microsoft’s July 2026 Patch Tuesday release fixes a high-severity vulnerability in Exchange Server that allows an authenticated low-privileged user to escalate to full administrative control. The...
Exchange Server July 2026 Update Blocks Remote Code Execution That Only Needed a Valid Password
Microsoft shipped its July 2026 security updates on Tuesday, and for on-premises Exchange Server administrators, one patch demands immediate attention. CVE-2026-55005, a heap-based buffer overflow in...
Microsoft to Pull Plug on OWA Light for On-Premises Exchange, Targeting August 2026
Microsoft is formally retiring the lightweight version of Outlook on the Web for on-premises Exchange Server, with removal planned for a future update around August 2026. The company’s Exchange...
206 fixes, 3 zero-days: Windows CTF, HTTP.sys, BitLocker lead June Patch Tuesday
Microsoft’s June 2026 Patch Tuesday, released on June 9, delivers a staggering 206 security updates across a wide range of products, marking one of the largest update cycles in recent years. The...
June 2026 Exchange Security Fixes Critical OWA RCE, Requires ESU License
Microsoft pushed out its June 2026 security updates for Exchange Server on Tuesday, June 9, 2026, fixing a critical remote code execution (RCE) vulnerability tracked as CVE-2026-42897 that can be...
Microsoft pauses Exchange security patches in May 2026; admins should audit now.
Microsoft will not release security updates for Exchange Server this month, the company confirmed on May 12, 2026—the date that would typically mark Patch Tuesday for the collaboration platform....
Exchange Server Security Updates End in April 2026 as ESU Bridge Program Concludes
Microsoft will not release security updates for Exchange Server in April 2026, marking the definitive end of the Extended Security Update (ESU) bridge program for Exchange 2016 and Exchange 2019....
Exchange Server Subscription Edition: Microsoft's Mandatory Move to Modern Lifecycle
Microsoft has officially moved Exchange Server to a subscription-only model, ending traditional perpetual licensing for on-premises deployments. The Exchange Server Subscription Edition represents...
Exchange Server Turns 30: How Microsoft's Email Platform Became the Heart of Enterprise Identity and Security
Microsoft Exchange Server celebrates its 30th anniversary this year, marking three decades of evolution from a simple email system to the central nervous system of enterprise communication, identity...
Microsoft Confirms No Exchange Security Updates for March 2024 Patch Tuesday
Microsoft's Exchange engineering team delivered a clear message to administrators this month: no security updates are coming for on-premises Exchange Server during March 2024's Patch Tuesday. This...
CVE-2026-21527: Critical Exchange Spoofing Vulnerability Demands Immediate Patching
Microsoft has issued a critical security alert for Exchange Server administrators worldwide, cataloging CVE-2026-21527 as a spoofing vulnerability that requires immediate attention. While technical...