PT-2024-1645 · Microsoft · Exchange Server

Published: 2024-02-13 · Updated: 2026-03-10 · CVE-2024-21410

CVSS v2.0: 10 (Critical) · AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Exchange Server versions prior to 2019 Cumulative Update 14

Description

The vulnerability in Microsoft Exchange Server allows attackers to escalate privileges in NTLM relay attacks, potentially leading to unauthorized access to corporate resources. It is estimated that up to 97,000 servers may be vulnerable, with roughly 28,000 internet-facing Microsoft Exchange servers already identified as vulnerable. The issue has been exploited in real-world attacks, allowing attackers to hijack user accounts and gain admin-level control.

Recommendations

To resolve the issue, apply the Exchange Server 2019 Cumulative Update 14, which enables NTLM credentials Relay Protections. Additionally, consider enabling Extended Protection for Authentication (EPA) to minimize the risk of exploitation. For versions prior to 2019, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Exposure of Resource to Wrong Sphere

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2024-01319
CVE-2024-21410

Affected Products

Exchange Server