8,500+ Exchange Servers Vulnerable To Privilege escalation 0-Day Flaw

by Esmeralda McKenzie

A severe vulnerability in Microsoft Exchange Server, identified as CVE-2024-21410, has been reported to be actively exploited by threat actors.

This zero-day flaw allows remote unauthenticated attackers to perform NTLM relay attacks and escalate their privileges on the system. According to the latest reports, over 28,500 Exchange servers remain at risk from this security issue.


Privilege Escalation 0-day Flaw

The CVE-2024-21410 vulnerability enables attackers to force a network device to authenticate against an NTLM relay server under their control.

This allows them to impersonate the targeted devices and elevate privileges.

Microsoft discovered the flaw internally, and it has been addressed in Exchange Server 2019 Cumulative Update 14 (CU14), which enables NTLM credentials Relay Protections, also known as Extended Protection for Authentication (EPA).

According to the latest Shadow Server reports, roughly 97,000 servers that may be vulnerable have been found exposed on the Internet.

Mitigation Solutions

Microsoft has provided mitigation guidance to protect against this vulnerability.

The primary mitigation involves enabling Extended Protection (EP) on Exchange servers, which is designed to strengthen Windows Server authentication by mitigating relay and man-in-the-middle (MitM) attacks.

EP will be automatically enabled by default on all Exchange servers after installing the 2024 H1 Cumulative Update (CU14).

For earlier versions of Exchange Server, such as Exchange Server 2016, administrators can enable EP using the ExchangeExtendedProtectionManagement PowerShell script provided by Microsoft.

It is important to apply these mitigations promptly to protect against attacks targeting unpatched devices.
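Extended Protection is stored in IIS as the `tokenChecking` attribute of `extendedProtection` under each virtual directory's `windowsAuthentication` element. The following added example (not code from the article or from Microsoft) audits an exported applicationHost.config offline and reports every Windows-authenticated directory whose setting is not `Require`; the XML below is a constructed, trimmed sample and an absent element is treated as the IIS default of `None`.

```python
"""Offline audit of an exported IIS applicationHost.config for Extended Protection."""
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed applicationHost.config with three Exchange
# virtual directories. Real files carry many more <location> entries.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <location path="Default Web Site/EWS">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true">
        <extendedProtection tokenChecking="Require" flags="None" />
      </windowsAuthentication>
    </authentication></security></system.webServer>
  </location>
  <location path="Default Web Site/Autodiscover">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true">
        <extendedProtection tokenChecking="Allow" flags="None" />
      </windowsAuthentication>
    </authentication></security></system.webServer>
  </location>
  <location path="Default Web Site/mapi">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true" />
    </authentication></security></system.webServer>
  </location>
</configuration>
"""

WINAUTH = "system.webServer/security/authentication/windowsAuthentication"


def extended_protection_state(config_xml: str) -> dict:
    """Map each Windows-authenticated <location> path to its tokenChecking value.
    A missing <extendedProtection> element means the IIS default, "None".
    """
    root = ET.fromstring(config_xml)
    state = {}
    for loc in root.iter("location"):
        wa = loc.find(WINAUTH)
        if wa is None or wa.get("enabled", "false").lower() != "true":
            continue  # no Windows authentication here, so nothing to relay
        ep = wa.find("extendedProtection")
        state[loc.get("path")] = ep.get("tokenChecking", "None") if ep is not None else "None"
    return state


def unprotected_vdirs(config_xml: str) -> list:
    """Directories where channel binding is not enforced (tokenChecking != Require)."""
    return sorted(p for p, v in extended_protection_state(config_xml).items() if v != "Require")


if __name__ == "__main__":
    for path, value in extended_protection_state(SAMPLE_CONFIG).items():
        print(f"{path:35} tokenChecking={value}")
```

Run it against a copy of `%windir%\System32\inetsrv\config\applicationHost.config` taken from each server to confirm the setting actually landed after the script or CU14 was applied.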

Source credit : cybersecuritynews.com
