Over 28,500 Exchange servers vulnerable to actively exploited bug

February 19, 2024 at 02:36PM

A critical vulnerability, CVE-2024-21410, puts up to 97,000 Microsoft Exchange servers at risk of exploitation by allowing privilege escalation. Microsoft addressed the issue on February 13, but 28,500 servers remain vulnerable. Administrators are urged to apply mitigations to avoid potential misuse and data breaches. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has set a deadline for updates to be applied.

The key takeaways are:

– Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical-severity privilege escalation flaw known as CVE-2024-21410, which is being actively exploited by hackers.
– Microsoft addressed the issue on February 13, but it had already been leveraged as a zero-day vulnerability. Currently, 28,500 servers have been identified as vulnerable.
– The vulnerability allows remote attackers to perform NTLM relay attacks on Microsoft Exchange Servers and escalate their privileges.
– Shadowserver has identified approximately 97,000 potentially vulnerable servers, with the most impacted countries being Germany, the United States, the United Kingdom, France, Austria, Russia, Canada, and Switzerland.
– While there is currently no publicly available proof-of-concept exploit for CVE-2024-21410, system administrators are advised to apply the Exchange Server 2019 Cumulative Update 14 to address the issue.
– The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2024-21410 to its ‘Known Exploited Vulnerabilities’ catalog, giving federal agencies until March 7, 2024, to apply the available updates/mitigations or stop using the product.

These takeaways highlight the urgency for system administrators to apply the necessary updates and mitigations to protect vulnerable Microsoft Exchange servers from potential exploitation.