Microsoft has confirmed a critical security flaw in Exchange Server, tracked as CVE-2024-21410, which is being actively exploited by threat actors. This vulnerability allows remote unauthenticated attackers to perform NTLM relay attacks and escalate privileges on the affected system.

Affected Systems

Affects all versions except those already updated with Cumulative Update 14.

Security Risks

Successful exploitation of this critical vulnerability, CVE-2024-21410, in Microsoft's Exchange Server poses a grave threat, as it is actively exploited as a zero-day. Remote attackers can leverage this vulnerability to escalate privileges through NTLM relay attacks.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends to system administrators to:

• Follow Microsoft Security Updates to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply Security Updates: Install the latest security updates provided by Microsoft that address the CVE-2024-21410 vulnerability. These updates include patches and fixes to prevent exploitation.

• Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410