Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026

Security Tool/Service
First reported
Last updated
Happening score
H score 10
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft will block TLS 1.0 and TLS 1.1 for POP3/IMAP4 access to Exchange Online in July 2026, which could break legacy mail clients and embedded devices that have not moved to TLS 1.2+. The change matters because affected customers may lose email connectivity unless their software or hardware supports modern encryption.

Related Happenings

Microsoft Exchange CVE-2026-42897 mitigation advisory

Advisory/Mitigation
First: 15.05.2026 12:40 Last: 15.05.2026 12:40 Sources 1

About this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...

Latest development: 15.05.2026 15:35

Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.

Open Happening

Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)

Vulnerability
First: 15.05.2026 09:19 Last: 15.05.2026 09:19 Sources 1

About this happening: **CVE-2026-42897** is an **actively exploited** **spoofing/XSS** flaw in **on-premises Microsoft Exchange Server** that can let attackers trigger **arbitrary JavaScript** in a bro...

Open Happening

Microsoft May 2026 Patch Tuesday release

Security Patch Release
First: 13.05.2026 13:36 Last: 13.05.2026 13:36 Sources 1

About this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...

Open Happening

Apple and Google Messages beta rollout of cross-platform E2EE RCS

Security Tool/Service
First: 12.05.2026 16:00 Last: 12.05.2026 16:00 Sources 1

About this happening: Apple and Google have begun a **beta rollout** of **end-to-end encrypted RCS** between **iPhone** and **Android** devices, materially reducing carrier and in-transit visibility fo...

Open Happening

IOS 26.5 beta rolls out default end-to-end encrypted RCS messaging on iPhone and Android

Security Tool/Service
First: 12.05.2026 08:18 Last: 12.05.2026 08:18 Sources 1

About this happening: Apple's **iOS 26.5** beta adds **default end-to-end encrypted RCS** messaging for **iPhone** and **Android** users, strengthening privacy in cross-platform chats. The rollout cove...

Open Happening

Timeline

  1. 28.04.2026 16:18 2 articles · 29d ago

    Microsoft announces Exchange Online blocking of TLS 1.0 and TLS 1.1

    Initial Disclosure

    Microsoft announced that Exchange Online will fully deprecate TLS 1.0 and TLS 1.1 for POP3 and IMAP4 connections starting in July 2026, and customers using older email clients, custom applications, or embedded devices must move to TLS 1.2 or later to avoid failed connections.

    Show sources
    Open in new tab