A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

Advisory No: TZCERT/SA/2024/02/15

Date of First Release: 15th February 2025

Source: Microsoft

Software Affected: Microsoft Exchange Server

Overview:

Microsoft has disclosed a critical security flaw in Exchange Server that is being exploited by malicious actors. Successful exploitation of this flaw may allow an attacker to gain privileges as the victim client.

Description:

The vulnerability (CVE-2024-21410, CVSS score: 9.8) results in NTLM credentials-leaking when an attacker targets a victim e.g. NTLM client such as Outlook. Successful exploitation of the flaw could permit an attacker to relay a user’s leaked Net-NTLMv2 hash against a susceptible Exchange Server and authenticate as the user

Impact:

Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.

Solution:

Microsoft has released security updates to resolve this vulnerability. Users and administrations are encouraged to update as soon as possible.

References:

  1. https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21410

Best free WordPress theme

Check Also

HPE Superdome Flex, Superdome Flex 280 and Compute Scale-up Server 3200 Servers Arbitrary Code Execution (CVE-2021-38578)

Advisory No: TZCERT/SA/2024/04/19 Date of First Release: 19th April 2024 Source: Hewlett Packard Enterprise (HPE) …

DISCLAIMER |FAQ |CONTACT US
Tanzania Computer Emergency Response Team © Copyright 2024, All Rights Reserved.