February 20, 2024 at 10:03AM
Over 28,000 internet-accessible Microsoft Exchange servers are affected by a zero-day vulnerability, with an additional 68,000 instances considered possibly vulnerable. The flaw, tracked as CVE-2024-21410, allows for privilege escalation and pass-the-hash attacks. Organizations are urged to apply available mitigations and patches, as the vulnerability is being actively targeted.
The key takeaways are:
1. A recently disclosed zero-day vulnerability affects over 28,000 internet-accessible Microsoft Exchange servers, with an additional 68,000 instances considered ‘possibly’ vulnerable, bringing the total of potentially exploitable servers to roughly 97,000.
2. The vulnerability, known as CVE-2024-21410 (CVSS score of 9.8), is a privilege escalation flaw leading to pass-the-hash attacks. Microsoft has released patches for this vulnerability and urged customers to update to Exchange Server 2019 Cumulative Update 14 (CU14).
3. Microsoft has stated that the issue exists because Exchange Server 2019 did not have NTLM credential relay protection or Extended Protection for Authentication (EPA) enabled by default.
4. There are concerns about the accuracy of the count of vulnerable Exchange servers, because unique IPs were summed and honeypots were included in the results.
5. Organizations need to act urgently to identify potentially affected systems and apply available mitigations and patches as soon as possible.
Overall, the focus is on the urgent need for organizations to take action to address the CVE-2024-21410 vulnerability in Microsoft Exchange servers.