A critical Exchange vulnerability could leak your credentials to hackers
Check if your Exchange server leaked any credentials!
Published on February 16, 2024
Microsoft acknowledged that a long-known CVE (CVE-2024-21410) in Microsoft Exchange, an elevation of privilege vulnerability, was exploited.
According to the Redmond giant, an attacker can take advantage of this vulnerability to get the credentials from Exchange clients such as Outlook, and then access the Exchange server using the victim’s data:
An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim’s behalf.
Microsoft issued a patch and fixed the vulnerability
Microsoft issued the Exchange Server 2019 Cumulative Update 14 (CU14) to patch this vulnerability. The update enabled the NTLM credentials Relay Protections (also known as Extended Protection for Authentication or EPA).
The Exchange Server 2019 CU14 enables EPA by default on Exchange servers and Microsoft recommends installing it ASAP to secure your clients and servers.
Also, if you’re running the Microsoft Exchange Server 2016 Cumulative Update 23, the company released Extended Protection as an optional feature with the August 2022 security update (build 15.01.2507.012) to protect your server against CVE-2024-21410.
So, if you haven't done so yet, install the latest security update for Exchange Server 2016 CU23 before turning on the Extended Protection feature.
Microsoft says that if you already ran the script that enables NTLM credentials Relay Protections on Exchange Server 2019 CU13 or earlier, you were protected from this vulnerability.
If you want to know if your server is configured properly, the company recommends running the latest version of the Exchange Server Health Checker script, which will provide an overview of the Extended Protection status.
Although Microsoft acknowledged that CVE-2024-21410 was exploited, they don’t supply any information on the extent of the damage caused by this vulnerability.
Did you already patch your Microsoft Exchange server? Comment below if you had any problems with the update or the vulnerability.
Claudiu Andone
Windows Troubleshooting Expert
Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft.
His abrupt interest in computers started when he saw the first Home Computer as a kid. However, his passion for Windows and everything related became obvious when he became a sys admin in a computer science high school.
With 14 years of experience in writing about everything there is to know about science and technology, Claudiu also likes rock music, chilling in the garden, and Star Wars. May the force be with you, always!