CVE-2024-21410: Up to 97,000 Exchange servers in the red zone

Releasing a PoC exploit would only make the situation worse, and updating cannot be delayed.

Up to 97,000 Exchange servers may be exposed to a critical vulnerability tracked as CVE-2024-21410, which we already discussed a few days ago.

The vulnerability allows unauthenticated remote attackers to conduct NTLM relay attacks against Microsoft Exchange servers and escalate their privileges on the system.
Exchange Server is widely used in business environments to facilitate communication and collaboration between users by providing email, calendar, contact management, and task management services.

Microsoft fixed the vulnerability on February 13, when it was already being exploited in the wild as a zero-day. And yesterday, February 19, the Shadowserver Foundation announced that its scanners had identified about 97,000 potentially vulnerable servers. 68,500 of them may be vulnerable depending on whether administrators have applied mitigation measures, and 28,500 servers are directly exposed to exploitation of CVE-2024-21410.

The countries with the most exposed servers are the following:
  • Germany — 22,903 servers;
  • United States — 19,434 servers;
  • United Kingdom — 3,665 servers;
  • France — 3,074 servers;
  • Austria — 2,987 servers;
  • Russia — 2,771 servers;
  • Canada — 2,554 servers;
  • Switzerland — 2,119 servers.

Currently, there is no publicly available PoC exploit for CVE-2024-21410, which somewhat limits the number of attackers using this vulnerability.

To resolve CVE-2024-21410, system administrators are advised to apply Cumulative Update 14 (CU14) for Exchange Server 2019, released as part of the latest Patch Tuesday update, which includes protection against NTLM credential interception.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also added CVE-2024-21410 to its Known Exploited Vulnerabilities (KEV) catalog, giving federal agencies until March 7, 2024 to apply the available updates, apply mitigations, or stop using the product.

Exploitation of CVE-2024-21410 can have serious consequences for organizations: attackers with elevated privileges on the Exchange server can gain access to sensitive data, such as email, and use the server as a springboard for further attacks on the network.

If your organization uses Exchange Server, do not delay updating, because once a public PoC is released, the situation will become much more serious than it is now.