CISA added the Microsoft Exchange Server Elevation of Privilege Vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on 15 February 2024. The due date for remediation is 7 March 2024. We look at the Microsoft Exchange Server Elevation of Privilege Vulnerability below.
Salient points
- CVE-2024-21410 is a CRITICAL security vulnerability affecting Microsoft Exchange servers.
- The vulnerability was first reported by Microsoft on 13 February 2024. It was added to the KEV database by the CISA on 15 February 2024.
- The CVE-2024-21410 vulnerability has a CVSS score of 9.8 and is a CRITICAL vulnerability.
- It remains unclear if CVE-2024-21410 has been used by threat actors to target ransomware victims.
- Microsoft has confirmed that the exploitation of CVE-2024-21410 has been detected.
- This vulnerability is an information disclosure vulnerability.
What versions of Microsoft Exchange servers are affected by CVE-2024-21410?
The following versions of Microsoft Exchange Server are affected by CVE-2024-21410:
- Microsoft Exchange Server 2019 Cumulative Update 14
- Microsoft Exchange Server 2019 Cumulative Update 13
- Microsoft Exchange Server 2016 Cumulative Update 23
Remediation of CVE-2024-21410 on Exchange Servers
CVE-2024-21410 can be remediated on Microsoft Exchange Server 2019 using the security update KB5035606. You will need to deploy this security update to the following versions:
- Microsoft Exchange Server 2019 Cumulative Update 14
- Microsoft Exchange Server 2019 Cumulative Update 13
You could, alternatively, enable the Extended Protection within your organization to protect against CVE-2024-21410.
For Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft introduced Extended Protection support as an optional feature with the August 2022 security update (build 15.01.2507.012). Microsoft strongly recommends installing the latest security update for Exchange Server 2016 CU23 before turning on Extended Protection with the ExchangeExtendedProtectionManagement.ps1 script.
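As an added example (not code from the article or from Microsoft), the following PowerShell checks whether the local server's build meets the minimum named above and reports the Extended Protection token-checking setting of a few Exchange virtual directories. It assumes it runs in the Exchange Management Shell on the server itself with the IIS WebAdministration module available, and the virtual-directory list is an assumed subset of what Microsoft's script manages.

```powershell
# Added example, not from the article or from Microsoft: report the local Exchange build
# and the Extended Protection (EP) token-checking setting of virtual directories that an
# NTLM relay against Exchange would have to reach. Run in the Exchange Management Shell
# on the server being checked; assumes the IIS WebAdministration module is installed.
Import-Module WebAdministration

# August 2022 SU build that added EP support to Exchange 2016 CU23 (article: 15.01.2507.012).
$MinimumEpBuild = [Version]'15.1.2507.12'

# Virtual directories to inspect (assumed subset; Microsoft's script covers more).
$VirtualDirectories = @(
    'IIS:\Sites\Default Web Site\Autodiscover',
    'IIS:\Sites\Default Web Site\EWS',
    'IIS:\Sites\Default Web Site\mapi',
    'IIS:\Sites\Default Web Site\Rpc',
    'IIS:\Sites\Exchange Back End\EWS'
)

function Get-LocalExchangeBuild {
    # AdminDisplayVersion is a ServerVersion object; rebuild it as a comparable [Version]
    $v = (Get-ExchangeServer -Identity $env:COMPUTERNAME).AdminDisplayVersion
    return [Version]('{0}.{1}.{2}.{3}' -f $v.Major, $v.Minor, $v.Build, $v.Revision)
}

function Get-ExtendedProtectionReport {
    foreach ($path in $VirtualDirectories) {
        # tokenChecking is None (EP off), Allow, or Require
        $tc = Get-WebConfigurationProperty -PSPath $path `
            -Filter 'system.webServer/security/authentication/windowsAuthentication/extendedProtection' `
            -Name tokenChecking -ErrorAction SilentlyContinue
        if ($null -ne $tc -and $null -ne $tc.Value) { $tc = $tc.Value }   # unwrap attribute object
        if ($null -eq $tc)           { $finding = 'path not found' }
        elseif ("$tc" -eq 'None')    { $finding = 'EP disabled' }
        else                         { $finding = 'EP configured' }
        [PSCustomObject]@{
            VirtualDirectory = $path
            TokenChecking    = if ($null -eq $tc) { 'n/a' } else { "$tc" }
            Finding          = $finding
        }
    }
}

$build = Get-LocalExchangeBuild
if ($build -lt $MinimumEpBuild) {
    Write-Warning "Build $build is older than $MinimumEpBuild; install the latest SU before enabling EP."
} else {
    Write-Host "Build $build meets the minimum build for Extended Protection."
}
Get-ExtendedProtectionReport | Format-Table -AutoSize
```

Any directory reported as "EP disabled" still accepts NTLM authentication without channel binding, which is the condition the relay described in this article depends on; Microsoft's ExchangeExtendedProtectionManagement.ps1 sets the per-directory values it recommends.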
About CVE-2024-21410
CVE-2024-21410 is an Elevation of Privilege vulnerability affecting Microsoft Exchange servers.
An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim’s behalf.
An attacker who successfully exploited this vulnerability could relay a user’s leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.