CISA adds Microsoft Exchange vulnerability to the KEV database

This content has been archived, but it remains accurate and relevant to the underlying technology products and infrastructure services.

CISA added the Microsoft Exchange Server Elevation of Privilege Vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on 15 February 2024, with a remediation due date of 7 March 2024. We look at the vulnerability below.

Salient points

  • CVE-2024-21410 is a CRITICAL security vulnerability affecting Microsoft Exchange servers.
  • The vulnerability was first reported by Microsoft on 13 February 2024. It was added to the KEV database by the CISA on 15 February 2024.
  • The CVE-2024-21410 vulnerability has a CVSS score of 9.8 and is a CRITICAL vulnerability.
  • It remains unclear if CVE-2024-21410 has been used by threat actors to target ransomware victims.
  • Microsoft has confirmed that the exploitation of CVE-2024-21410 has been detected.
  • This vulnerability is an information disclosure vulnerability.

What versions of Microsoft Exchange servers are affected by CVE-2024-21410?

The following versions of Microsoft Exchange Server are affected by CVE-2024-21410:

  • Microsoft Exchange Server 2019 Cumulative Update 14
  • Microsoft Exchange Server 2019 Cumulative Update 13
  • Microsoft Exchange Server 2016 Cumulative Update 23

Remediation of CVE-2024-21410 on Exchange Servers

CVE-2024-21410 can be remediated on Microsoft Exchange Server 2019 using the security update KB5035606. You will need to deploy this security update to the following versions:

  • Microsoft Exchange Server 2019 Cumulative Update 14
  • Microsoft Exchange Server 2019 Cumulative Update 13

Alternatively, you can enable Extended Protection within your organization to protect against CVE-2024-21410.

For Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft introduced Extended Protection support as an optional feature with the August 2022 security update (build 15.01.2507.012). Microsoft strongly recommends installing the latest security update for Exchange Server 2016 CU23 before turning on Extended Protection with the ExchangeExtendedProtectionManagement.ps1 script.
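As an added example (not from the article, from Microsoft, or from the ExchangeExtendedProtectionManagement.ps1 script), the following PowerShell audit checks the two conditions above on an Exchange server: that the installed build is at or above the August 2022 level that introduced Extended Protection support, and that IIS Extended Protection (tokenChecking) is actually enforced on the Exchange virtual directories. It assumes the WebAdministration module, the ExchangeInstallPath environment variable set by the Exchange installer, and an illustrative list of virtual directory names.

```powershell
# Added example: audit Extended Protection readiness and enforcement on an
# Exchange server. Run in an elevated PowerShell session on the server.
# Assumptions: WebAdministration module, $env:ExchangeInstallPath, and the
# virtual directory list below (illustrative subset, not Microsoft's list).
Import-Module WebAdministration -ErrorAction Stop

# Minimum build at which Extended Protection is supported on Exchange 2016
# CU23 (August 2022 SU, build 15.01.2507.012, as stated in the article).
$minEpBuild = [version]'15.1.2507.12'

$exSetup = Join-Path $env:ExchangeInstallPath 'bin\ExSetup.exe'
$build   = [version](Get-Item $exSetup).VersionInfo.ProductVersion
if ($build -lt $minEpBuild) {
    Write-Warning "Build $build predates Extended Protection support ($minEpBuild); install the latest SU first."
} else {
    Write-Host "ExSetup build $build supports Extended Protection"
}

# Virtual directories to inspect (assumed names, front end and back end).
$targets = @(
    @{ Site = 'Default Web Site';  App = 'Autodiscover' },
    @{ Site = 'Default Web Site';  App = 'EWS' },
    @{ Site = 'Default Web Site';  App = 'mapi' },
    @{ Site = 'Default Web Site';  App = 'owa' },
    @{ Site = 'Default Web Site';  App = 'ecp' },
    @{ Site = 'Exchange Back End'; App = 'EWS' },
    @{ Site = 'Exchange Back End'; App = 'mapi\emsmdb' }
)

$filter = 'system.webServer/security/authentication/windowsAuthentication/extendedProtection'
foreach ($t in $targets) {
    $psPath = "IIS:\Sites\$($t.Site)\$($t.App)"
    if (-not (Test-Path $psPath)) { continue }   # vdir not present on this role
    $raw = Get-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name tokenChecking
    # Enum attributes come back as a ConfigurationAttribute; read its Value.
    $mode = if ($raw.PSObject.Properties['Value']) { "$($raw.Value)" } else { "$raw" }
    $state = switch ($mode) {
        'Require' { 'OK' }        # channel binding token mandatory
        'Allow'   { 'PARTIAL' }   # checked only when the client supplies one
        default   { 'MISSING' }   # 'None': relayed NTLM authentication accepted
    }
    [pscustomobject]@{
        VirtualDirectory = "$($t.Site)/$($t.App)"
        TokenChecking    = $mode
        State            = $state
    }
}
```

Rows reporting MISSING or PARTIAL are the directories on which Extended Protection is not yet enforced; the build warning indicates the server must be updated before the feature can be turned on.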

About CVE-2024-21410

CVE-2024-21410 is an Elevation of Privilege vulnerability affecting Microsoft Exchange servers.

An attacker could target an NTLM client such as Outlook with an NTLM credential-leaking vulnerability. The leaked credentials can then be relayed against the Exchange server to gain the privileges of the victim client and to perform operations on the Exchange server on the victim’s behalf.

An attacker who successfully exploited this vulnerability could relay a user’s leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.