Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers

February 20, 2024 at 10:03AM Over 28,000 internet-accessible Microsoft Exchange servers are affected by a zero-day vulnerability, with an additional 68,000 instances considered possibly vulnerable. The flaw, tracked as CVE-2024-21410, allows for privilege escalation and pass-the-hash attacks. Organizations are urged to apply available mitigations and patches as the exploit is actively targeted. From the meeting … Read more

Over 28,500 Exchange servers vulnerable to actively exploited bug

February 19, 2024 at 02:36PM A critical vulnerability, CVE-2024-21410, puts up to 97,000 Microsoft Exchange servers at risk of exploitation by allowing privilege escalation. Microsoft addressed the issue on February 13, but 28,500 servers remain vulnerable. Administrators are urged to apply mitigations to avoid potential misuse and data breaches. The U.S. Cybersecurity & Infrastructure Security … Read more

Microsoft: New critical Exchange bug exploited as zero-day

February 14, 2024 at 06:29PM Microsoft has warned of a critical vulnerability in Exchange Server, CVE-2024-21410, allowing remote unauthenticated threat actors to escalate privileges. The company has released Exchange Server 2019 Cumulative Update 14 to address this and enable NTLM credentials Relay Protections. Admins are advised to evaluate their environments before toggling EP on Exchange … Read more