Advisory No: TZCERT/SA/2024/02/15
Date of First Release: 15th February 2025
Source: Microsoft
Software Affected: Microsoft Exchange Server
Overview:
Microsoft has disclosed a critical security flaw in Exchange Server that is being exploited by malicious actors. Successful exploitation of this flaw may allow an attacker to gain privileges as the victim client.
Description:
The vulnerability (CVE-2024-21410, CVSS score: 9.8) results in NTLM credentials-leaking when an attacker targets a victim e.g. NTLM client such as Outlook. Successful exploitation of the flaw could permit an attacker to relay a user’s leaked Net-NTLMv2 hash against a susceptible Exchange Server and authenticate as the user
Impact:
Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.
Solution:
Microsoft has released security updates to resolve this vulnerability. Users and administrations are encouraged to update as soon as possible.
References:
- https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21410