
Microsoft Exchange Server Elevation of Privilege Vulnerability

Feb 16, 2024

Cornerstone.IT Gold Microsoft Partner

Please see the Microsoft Exchange Server vulnerability below.

Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim’s behalf. For more information about Exchange Server’s support for Extended Protection for Authentication (EPA), please see Configure Windows Extended Protection in Exchange Server.

A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.

Original Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410