#NTLMRelayAttacks

Microsoft: New critical Exchange bug exploited as zero-day

February 14, 2024 by Xynik

February 14, 2024 at 06:29PM Microsoft has warned of a critical vulnerability in Exchange Server, CVE-2024-21410, allowing remote unauthenticated threat actors to escalate privileges. The company has released Exchange Server 2019 Cumulative Update 14 to address this and enable NTLM credentials Relay Protections. Admins are advised to evaluate their environments before toggling EP on Exchange … Read more

Microsoft Exchange update enables Extended Protection by default

February 14, 2024 by Xynik

February 14, 2024 at 12:41PM After installing Exchange Server 2019 CU14 or later, Extended Protection (EP) will be automatically enabled to strengthen Windows Server authentication and mitigate security risks. Admins should review Microsoft’s documentation and PowerShell script before toggling EP, and address any issues after enabling it. Microsoft encourages keeping servers updated to deploy emergency … Read more