Hackers are exploiting a critical flaw, CVE-2024-21410, in Microsoft Exchange servers, potentially putting up to 97,000 systems at risk. Despite Microsoft addressing the issue on February 13, after it was already leveraged as a zero-day exploit, thousands of vulnerable servers have been identified. This flaw allows remote unauthenticated actors to conduct NTLM relay attacks, enabling them to escalate their privileges on the system. As a result, essential communication services provided by Exchange Server, crucial for business environments, are compromised, posing serious risks to data security and integrity.
The widespread use of Microsoft Exchange Server in business environments for email, calendar, contact, and task management services exacerbates the severity of the situation. With vulnerable systems identified globally, including significant numbers in countries like Germany, the United States, and the United Kingdom, the potential impact on organizations’ operations and data security is substantial. The absence of a publicly available proof-of-concept (PoC) exploit for CVE-2024-21410 may somewhat limit the number of attackers currently utilizing the flaw, but the threat remains significant, requiring immediate attention from system administrators.
To address the CVE-2024-21410 vulnerability, system administrators are urged to apply the Exchange Server 2019 Cumulative Update 14 (CU14) released during February 2024’s Patch Tuesday. This update includes crucial NTLM credentials Relay Protections to mitigate the risk of exploitation. Additionally, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has listed CVE-2024-21410 in its ‘Known Exploited Vulnerabilities’ catalog, providing federal agencies with a deadline until March 7, 2024, to apply updates or mitigations or discontinue the use of the product. Failure to take prompt action leaves organizations vulnerable to severe consequences, including unauthorized access to confidential data and potential network-wide attacks facilitated by compromised Exchange servers.
