
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

Advisory No: TZCERT/SA/2024/02/15

Date of First Release: 15th February 2025

Source: Microsoft

Software Affected: Microsoft Exchange Server


Microsoft has disclosed a critical security flaw in Exchange Server that is being exploited by malicious actors. Successful exploitation of this flaw may allow an attacker to gain the privileges of the victim client.


The vulnerability (CVE-2024-21410, CVSS score: 9.8) results in NTLM credential leakage when an attacker targets an NTLM client such as Outlook. Successful exploitation of the flaw could permit an attacker to relay a user’s leaked Net-NTLMv2 hash against a susceptible Exchange Server and authenticate as the user.


Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.


Microsoft has released security updates to resolve this vulnerability. Users and administrators are encouraged to update as soon as possible.


  1. https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21410
