CVE-2024-21410 is a critical security vulnerability in Microsoft Exchange Server with a CVSS severity score of 9.8. It allows an attacker to elevate privileges on the Exchange server by relaying NTLM credentials leaked from clients such as Outlook; Microsoft released the fix on February 13, 2024.

Key Details

Attack Method: An attacker first obtains a victim's NTLM authentication from an NTLM client such as Outlook (for example by tricking the client into authenticating to an attacker-controlled host), then relays that authentication to the Exchange server. Because the server does not check that the authentication is bound to the client's own TLS connection, it accepts the relayed logon, and the attacker can perform operations on Exchange on behalf of the victim.

Affected Systems:

  • Microsoft Exchange Server 2016 Cumulative Update 23
  • Microsoft Exchange Server 2019 Cumulative Update 13
  • Microsoft Exchange Server 2019 Cumulative Update 14

Current Status: Microsoft has confirmed that this vulnerability is being actively exploited in the wild. Exchange Server 2019 Cumulative Update 14 (CU14), released with the February 2024 updates, enables Extended Protection for Authentication (EPA) by default; EPA defeats the relay by binding the NTLM authentication to the TLS channel between the real client and the server. On Exchange Server 2016 CU23 and Exchange Server 2019 CU13, EPA is not on by default and must be enabled by the administrator (Microsoft's ExchangeExtendedProtectionManagement.ps1 script is the supported way to do so); installing the security update alone does not close the relay path on those versions.
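The following is an added example, not code from the original article or from Messageware: a read-only audit that reports, per Exchange virtual directory, whether IIS Windows authentication is enabled and what Extended Protection tokenChecking value is configured, so an administrator can see whether a server is still relayable before and after remediation. It assumes the IIS site names Exchange setup creates ("Default Web Site" for the front end and "Exchange Back End" for the back end) and the standard Exchange virtual directory names; the helper Get-TokenCheckingName is this example's own. To actually turn Extended Protection on, use Microsoft's ExchangeExtendedProtectionManagement.ps1 from the CSS-Exchange GitHub repository rather than editing IIS by hand, since it applies the per-directory values Microsoft supports and checks the prerequisites.

```powershell
# Added example (not code from the original article or from Messageware):
# read-only audit of IIS Extended Protection on the Exchange virtual directories.
# Run from an elevated PowerShell prompt on each Exchange server. Assumes the
# default site names Exchange setup creates ("Default Web Site" for the front
# end, "Exchange Back End" for the back end); adjust $Sites if yours differ.
Import-Module WebAdministration

$Sites = @('Default Web Site', 'Exchange Back End')

# Virtual directories Exchange setup creates; not every one exists on both sites.
$VirtualDirectories = @(
    'API', 'Autodiscover', 'ECP', 'EWS', 'mapi', 'Microsoft-Server-ActiveSync',
    'OAB', 'owa', 'PowerShell', 'Rpc', 'RpcWithCert', 'PushNotifications'
)

$WinAuthFilter = 'system.webServer/security/authentication/windowsAuthentication'
$EpFilter      = "$WinAuthFilter/extendedProtection"

# IIS stores tokenChecking as an enum; it may come back as the name or the
# number depending on the provider, so normalize both forms to the name.
$TokenNames = @{ 0 = 'None'; 1 = 'Allow'; 2 = 'Require' }

function Get-TokenCheckingName {
    # Helper defined for this example (not part of the WebAdministration module).
    param($RawValue)
    $n = 0
    if ([int]::TryParse([string]$RawValue, [ref]$n) -and $TokenNames.ContainsKey($n)) {
        return $TokenNames[$n]
    }
    return [string]$RawValue
}

$Results = foreach ($Site in $Sites) {
    foreach ($Vdir in $VirtualDirectories) {
        $Path = "IIS:\Sites\$Site\$Vdir"
        if (-not (Test-Path $Path)) { continue }

        $WinAuthEnabled = [bool](Get-WebConfigurationProperty -PSPath $Path -Filter $WinAuthFilter -Name 'enabled').Value
        $TokenChecking  = Get-TokenCheckingName (Get-WebConfigurationProperty -PSPath $Path -Filter $EpFilter -Name 'tokenChecking').Value

        # Only directories that accept Windows (NTLM/Kerberos) authentication are
        # relay targets. Require = channel binding enforced; Allow = accepted from
        # clients that send it but not enforced; None = relayed NTLM is accepted.
        $Status = if (-not $WinAuthEnabled)          { 'n/a (Windows auth disabled)' }
                  elseif ($TokenChecking -eq 'Require') { 'EP enforced' }
                  elseif ($TokenChecking -eq 'Allow')   { 'EP accepted, not enforced' }
                  else                                  { 'NOT PROTECTED' }

        [PSCustomObject]@{
            Site          = $Site
            VirtualDir    = $Vdir
            WindowsAuth   = $WinAuthEnabled
            TokenChecking = $TokenChecking
            Status        = $Status
        }
    }
}

$Results | Sort-Object Site, VirtualDir | Format-Table -AutoSize

# Exit non-zero when any Windows-auth directory still has tokenChecking = None,
# so the script can be used as a scheduled compliance check.
$Unprotected = @($Results | Where-Object Status -eq 'NOT PROTECTED')
if ($Unprotected.Count -gt 0) {
    Write-Warning ("{0} virtual directories without Extended Protection" -f $Unprotected.Count)
    exit 1
}
```

Two caveats when reading the output: Microsoft deliberately leaves some directories at Allow for client compatibility, so compare against the values in Microsoft's Extended Protection documentation rather than expecting Require everywhere; and Extended Protection only works when the TLS session the client sees terminates on the Exchange server itself, so a load balancer doing SSL offloading in front of Exchange must be switched to pass-through or re-encryption first, or Windows authentication will start failing once tokenChecking is set to Require.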

Exploit Status

Known Exploit: This vulnerability has been confirmed as actively exploited in the wild and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February 15, 2024.

Public Exploit: A public proof of concept has been reported, but specific details of the exploitation technique have not been disclosed. The vulnerability is being actively exploited, and at the time of writing approximately 28,000 internet-facing Microsoft Exchange servers were still exposed to it.

Technical Impact

CVE-2024-21410 itself is an Exchange-side weakness: without Extended Protection for Authentication, Exchange accepts NTLM authentication that an attacker has relayed from another host, so a leaked client credential becomes a logon to the Exchange server as that user. The incorrect parsing of "file://" hyperlinks often described alongside it is the client-side half of the chain and belongs to a separate Outlook vulnerability, CVE-2024-21413, patched the same day; it is one way an attacker can make Outlook leak the NTLM authentication that is then relayed. That Outlook flaw can lead to:

  • NTLM credential information leakage
  • Potential remote code execution
  • Possible bypass of Office Protected View

Strengthen Your Server Security with Messageware

Data breaches have increased by 72%, and servers are compromised in under 90 minutes. Ensure you have multiple layers of security software protecting your Windows Servers.

Messageware offers powerful security solutions, including:

Z-Day Guard for All Windows Servers: Next-gen server protection, providing detection, alerting, and response (MDR) to zero-day and server penetration cyber-attacks. Leverages embedded monitoring technology that cannot be turned off by malicious software. No need to research complicated deployments and no learning curve to install and manage.

EPG Guard for Exchange Servers: Real-time security stops AD account lockouts, eliminates brute force password attacks, provides intelligent GEO blocking, and prevents Exchange Server vulnerability probing. Enhance security through real-time collection and analysis of logon information, with advanced reporting, threat detection, and security controls.

Don’t leave your critical infrastructure vulnerable, be proactive and stay ahead of evolving threats.