Provenance Record

News-category (~974 words), Overview / What We Know / Mitigation / What We Don't Know / Context structure. Technical and precise: split CVSS interpretation explained correctly (Microsoft CNA scope=Unchanged H/H/N vs NIST scope=Changed L/L/L), mitigation-only vs patch distinction made clearly, ESU fencing explained accurately. Neutral tone, no alarmism. Strong cross-source corroboration on every claim.

{"source-0":{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog","snapshot":"source-0.html.gz","status":"Primary publication (Rule 9): CISA KEV catalog. Verifies CVE-2026-42897 entry, 'Microsoft Exchange Server Cross-Site Scripting Vulnerability' title, 2026-05-29 dueDate, BOD 22-01 required-action language, ransomware-use Unknown."},"source-1":{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42897","snapshot":"source-1.html.gz","status":"Primary publication (Rule 9): NVD detail page. Verifies CWE-79 weakness, Microsoft CNA 8.1 HIGH base score, NIST 6.1 MEDIUM secondary base score."},"source-2":{"url":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897","snapshot":"source-2.html.gz","status":"MSRC Security Update Guide — JavaScript-rendered SPA, snapshot captures only the loader stub ('You need to enable JavaScript to run this app.'). Treated as canonical vendor reference for the CVE; the CVE identifier and substantive content are verified via CISA KEV + NVD + the trade press."},"source-3":{"url":"https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attacks/","snapshot":"source-3.html.gz","status":"BleepingComputer. Verifies 'specially crafted email', 'arbitrary JavaScript' quotes, EOMT command, Subscription Edition RTM + 2016 CU23 + 2019 CU14/CU15 patch scope, Period 2 ESU enrollment limitation."},"source-4":{"url":"https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html","snapshot":"source-4.html.gz","status":"The Hacker News. Verifies anonymous-researcher disclosure and aka.ms/UnifiedEOMT download location."},"source-5":{"url":"https://www.helpnetsecurity.com/2026/05/15/exchange-server-cve-2026-42897-exploited/","snapshot":"source-5.html.gz","status":"Help Net Security. Verifies anonymous researcher, 'specially crafted email' and 'arbitrary JavaScript' quotes, 'mitigation is implemented automatically' quote, 'working on and will release and announce a security update' quote."},"source-6":{"url":"https://www.securityweek.com/microsoft-warns-of-exchange-server-zero-day-exploited-in-the-wild/","snapshot":"source-6.html.gz","status":"SecurityWeek. Verifies anonymous-researcher disclosure."},"source-7":{"url":"https://www.infosecurity-magazine.com/news/microsoft-zeroday-exchange-servers/","snapshot":"source-7.html.gz","status":"Infosecurity Magazine. Verifies M2.1.x mitigation identifier, Exchange Health Checker script, 'OWA Print Calendar, Inline images' side-effect disclosure verbatim."},"source-8":{"url":"https://cybersecuritynews.com/cisa-microsoft-exchange-server-vulnerability/","snapshot":"null (HTTP 403, no archive fallback)","status":"Cybersecurity News: bot-blocked, snapshot failed. The single claim attributed to this source ('Microsoft has not publicly linked the vulnerability to any ransomware campaign') is independently confirmed by the CISA KEV ransomware-use Unknown field already verified in source 0. Claim stands; cite was redundant."}}

Exemplary vulnerability-disclosure coverage with textbook Rule 9 discipline. CISA KEV (source 1) and NVD (source 2) cited as primary publications alongside the trade press. Every specific verified verbatim: CVE-2026-42897 (CISA KEV + NVD), 'Microsoft Exchange Server Cross-Site Scripting Vulnerability' KEV title, 2026-05-29 dueDate (May 29 deadline), CWE-79 (NVD), split CVSS scores 8.1 HIGH (Microsoft CNA) vs 6.1 MEDIUM (NIST analysts) (NVD detail page), 'specially crafted email' and 'arbitrary JavaScript in the browser context' quotes (BleepingComputer + Help Net Security), 'mitigation is implemented automatically' (Help Net Security), 'working on and will release and announce a security update' (Help Net Security), EOMT command path + UnifiedEOMT location (BleepingComputer + The Hacker News), M2.1.x mitigation identifier + Exchange Health Checker (Infosecurity Magazine), OWA Print Calendar + Inline images side effects (Infosecurity Magazine verbatim), Subscription Edition RTM + 2016 CU23 + 2019 CU14/CU15 + Period 2 ESU patch scope (BleepingComputer), anonymous-researcher disclosure (THN + Help Net Security + SecurityWeek).