01 logo

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

4

By Mirela NanPublished 2 months ago 2 min read
1

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates.

Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server.

"An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability," the company said in an advisory published this week.

"The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf."

Cybersecurity

Successful exploitation of the flaw could permit an attacker to relay a user's leaked Net-NTLMv2 hash against a susceptible Exchange Server and authenticate as the user, Redmond added.

The tech giant, in an update to its bulletin, revised its Exploitability Assessment to "Exploitation Detected," noting that it has now enabled Extended Protection for Authentication (EPA) by default with the Exchange Server 2019 Cumulative Update 14 (CU14) update.

Details about the nature of the exploitation and the identity of the threat actors that may be abusing the flaw are currently unknown. However, Russian state-affiliated hacking crews such as APT28 (aka Forest Blizzard) have a history of exploiting flaws in Microsoft Outlook to stage NTLM relay attacks.

Earlier this month, Trend Micro implicated the adversary to NTLM relay attacks targeting high-value entities at least since April 2022. The intrusions targeted organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved with labor, social welfare, finance, parenthood, and local city councils.

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates.

Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server.

"An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability," the company said in an advisory published this week.

"The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf."

Cybersecurity

Successful exploitation of the flaw could permit an attacker to relay a user's leaked Net-NTLMv2 hash against a susceptible Exchange Server and authenticate as the user, Redmond added.

The tech giant, in an update to its bulletin, revised its Exploitability Assessment to "Exploitation Detected," noting that it has now enabled Extended Protection for Authentication (EPA) by default with the Exchange Server 2019 Cumulative Update 14 (CU14) update.

Details about the nature of the exploitation and the identity of the threat actors that may be abusing the flaw are currently unknown. However, Russian state-affiliated hacking crews such as APT28 (aka Forest Blizzard) have a history of exploiting flaws in Microsoft Outlook to stage NTLM relay attacks.

Earlier this month, Trend Micro implicated the adversary to NTLM relay attacks targeting high-value entities at least since April 2022. The intrusions targeted organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved with labor, social welfare, finance, parenthood, and local city councils.

book reviews
1

About the Creator

Mirela Nan

Reader insights

Be the first to share your insights about this piece.

How does it work?

Add your insights

Comments

There are no comments for this story

Be the first to respond and start the conversation.

Sign in to comment

    Find us on social media

    Miscellaneous links

    • Explore
    • Contact
    • Privacy Policy
    • Terms of Use
    • Support

    © 2024 Creatd, Inc. All Rights Reserved.