1 article
With no patch available for the actively exploited Exchange OWA session hijacking zero-day, security teams must hunt for existing compromise rather than waiting for a fix. This guide covers the specific log sources, KQL queries, and behavioural indicators that reveal CVE-2026-42897 exploitation in on-premises Exchange and Microsoft 365 hybrid environments.