Exchange Server 2016 and 2019 end-of-support migration guidance

Advisory/Mitigation
Happening score (H score): 22
1 unique source, 1 article

Summary

Microsoft says Exchange Server 2016 and Exchange Server 2019 reached end of support on October 14, 2025, leaving on-premises deployments without future vendor security coverage and raising upgrade urgency. The company is urging administrators to upgrade to Exchange Server SE or migrate to Exchange Online to stay supported and secure. After the October 2025 Exchange Server Security Updates, Microsoft will stop issuing security patches for these versions, increasing the risk of exposure to newly discovered vulnerabilities.

Related Happenings

Microsoft security patch release for CVE-2026-42897

Security Patch Release
H score: 44, First: 10.06.2026 16:44, Last: 10.06.2026 16:44, Sources: 1

About this happening: **Microsoft** released **June 2026 Security Updates** for **Exchange Server 2016**, **Exchange Server 2019**, and **Exchange Server Subscription Edition (SE)** to fix **CVE-2026-4...

Microsoft Exchange Online mail flow disruption

Service Disruption
H score: 25, First: 02.06.2026 20:02, Last: 02.06.2026 20:02, Sources: 1

About this happening: Microsoft is addressing a **widespread Exchange Online service disruption** that is delaying and failing email delivery for customers across **North America** and **Germany**. The...

Microsoft Exchange CVE-2026-42897 mitigation advisory

Advisory/Mitigation
H score: 57, First: 15.05.2026 12:40, Last: 15.05.2026 12:40, Sources: 1

About this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...

Latest development: 15.05.2026 15:35

Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.

Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)

Vulnerability
H score: 47, First: 15.05.2026 09:19, Last: 15.05.2026 09:19, Sources: 1

About this happening: **CVE-2026-42897** is an **actively exploited** **spoofing** vulnerability in **on-premises Microsoft Exchange Server** that can lead to **arbitrary JavaScript execution** in a br...

Latest development: 09.06.2026 20:57

Microsoft identifies CVE-2026-42897 in Microsoft Exchange Server as an actively exploited spoofing vulnerability that can lead to JavaScript execution in a target’s browser when a specially crafted email is opened in Outlook Web Access under certain interaction conditions. Microsoft says mitigations are being pushed through the Exchange Emergency Mitigation Service while it continues work on the full update.

Microsoft May 2026 Patch Tuesday release

Security Patch Release
H score: 38, First: 13.05.2026 13:36, Last: 13.05.2026 13:36, Sources: 1

About this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...

Latest development: 01.06.2026 15:30

Belgium's Centre for Cybersecurity warned that CVE-2026-41089 in Windows Netlogon is being actively exploited in the wild after Microsoft patched the stack-based buffer overflow during the May 2026 Patch Tuesday. The flaw affects all currently supported Windows Server versions, including Windows Server 2025, and can let an unauthenticated attacker gain remote code execution on targeted domain controllers.

Timeline

  1. 14.10.2025 21:26 1 article · 8mo ago

    Exchange Server 2016 and 2019 reach end of support

    Initial Disclosure

    Microsoft says Exchange Server 2016 and Exchange Server 2019 reach end of support on October 14, 2025, so customer installations continue to run but will no longer receive security patches, time zone updates, bug fixes, or technical support.

  2. 14.10.2025 21:26 2 articles · 8mo ago

    Microsoft advises upgrade or migration to supported Exchange options

    Mitigation Patch Update

    Microsoft urges IT administrators to upgrade Exchange Server 2016 and Exchange Server 2019 deployments to Exchange Server Subscription Edition (SE) or migrate to Exchange Online, noting that Exchange Server 2019 supports an in-place upgrade to Exchange Server SE and that Exchange 2016 or 2013 environments should move to SE or first install Exchange 2019.