UPDATE (2/23/2024) -

Following our recent flash notice regarding the critical vulnerability (CVE-2024-21410) in Microsoft Exchange Server, the situation remains alarming as exploitation of the vulnerability continues. Despite Microsoft's prompt release of fixes during Patch Tuesday, reports confirm ongoing attacks leveraging this vulnerability - particularly a breach within Microsoft's Azure platform.  

While efforts to mitigate CVE-2024-21410 continue, the Azure platform breach introduces a new dimension of risk. Hundreds of executive accounts have been compromised, with attackers using tactics such as cloud account takeovers and phishing attempts. Organizations are urged to prioritize patching CVE-2024-21410 and implement Microsoft's recommendation to enable Extended Protection for Authentication (EPA) as soon as possible.  

overview

Microsoft has recently confirmed the active exploitation of a critical vulnerability (CVE-2024-21410) in their Exchange Server. The confirmation came shortly after the release of fixes for the vulnerability as part of the company's updates for Patch Tuesday. 

With a CVSS score of 9.8, CVE-2024-21410 allows for privilege escalation within Exchange Server. Exploiting this vulnerability involves attackers focusing on NTLM clients such as Outlook, exploiting a flaw that leaks credentials. With these leaked credentials in hand, attackers can then exploit the Exchange server, elevating their privileges and performing actions on behalf of the unsuspecting victim. 

Details regarding exactly how attackers are exploiting CVE-2024-21410 and the identities of the attackers involved remain undisclosed. However, past incidents suggest the possibility of exploitation by sophisticated threat groups, such as APT28 (Forest Blizzard), known for targeting vulnerabilities in Microsoft Outlook for NTLM relay attacks. 

Avertium strongly recommends that organizations prioritize patching CVE-2024-21410 as soon as possible. By promptly applying these updates, organizations can safeguard their Exchange Server environments from malicious actors.  

 

 

avertium's recommendationS

  • To address CVE-2024-21410, Microsoft has updated its bulletin and has enabled Extended Protection for Authentication (EPA) by default with the Exchange Server 2019 Cumulative Update 14 (CU14). 
  • For patch guidance, please see Microsoft’s advisory, as they go into detail regarding what you should do to protect yourself from this vulnerability  



 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2024-21410. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 
  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 
  • We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 




 

SUPPORTING DOCUMENTATION

CVE-2024-21410 - Security Update Guide - Microsoft - Microsoft Exchange Server Elevation of Privilege Vulnerability 

Microsoft: New critical Exchange bug exploited as zero-day (bleepingcomputer.com) 

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation (thehackernews.com) 

Azure Data Breach Compromises Microsoft - Spiceworks 

 
Chat With One of Our Experts



microsoft Flash Notice Microsoft Exchange Server Microsoft Vulnerability Critical Vulnerability Blog