
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

Advisory

29 APR 2024

 

Background

CVE-2024-21410 is a critical elevation of privilege vulnerability in Microsoft Exchange Server with a CVSS 3.1 base score of 9.8. An attacker who obtains a user's Net-NTLMv2 challenge-response, for example by coercing an NTLM client such as Outlook into authenticating to an attacker-controlled host, can relay it to a susceptible Exchange Server and authenticate as that user. The relay succeeds because, with Windows Extended Protection disabled, Exchange does not bind the NTLM authentication to the TLS channel it arrived on, so a response the client computed for the attacker's connection is accepted on the attacker's own connection to the server. Microsoft's advisory reports that the vulnerability has been exploited in the wild, so organizations should apply the mitigations below promptly.
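The relay and the channel-binding check, as an added example that is not part of the advisory: a toy Python model of the NTLMv2 exchange (per MS-NLMP) in which the client's response carries a channel binding token for the TLS channel it actually sees (the RFC 5929 tls-server-end-point binding, sent as MsvAvChannelBindings), and an Exchange-side verifier that applies the None / Allow / Require tokenChecking setting that Extended Protection configures in IIS. The user, certificates, challenges, the MAIL/Domain names, and the exchange_verify and run_scenarios functions are constructed for this example; in production the domain controller validates NTProofStr and Exchange's IIS checks the binding.

```python
"""Added toy model of the NTLM relay that CVE-2024-21410 permits and of the channel
binding that Extended Protection enforces. NTLMv2 follows MS-NLMP; the binding is the
RFC 5929 'tls-server-end-point' token carried as MsvAvChannelBindings. Certificates,
names, challenges and the verifier are constructed for the demo."""
import hashlib
import hmac
import struct
MASK = 0xFFFFFFFF

def md4(data: bytes) -> bytes:  # RFC 1320, for the NT hash; OpenSSL 3 builds often disable MD4
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & MASK
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (  # (mix function, constant, shifts, order of message words)
        (lambda x, y, z: (x & y) | (~x & z), 0, (3, 7, 11, 19), list(range(16))),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999, (3, 5, 9, 13), [4 * (i % 4) + i // 4 for i in range(16)]),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1, (3, 9, 11, 15), [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]))
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for fn, k, shifts, order in rounds:
            for i, idx in enumerate(order):
                a = rotl((a + fn(b, c, d) + x[idx] + k) & MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c          # rotate roles so the next step updates old d
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def ntowf_v2(password: str, user: str, domain: str) -> bytes:
    """NTOWFv2 = HMAC_MD5(MD4(UTF16(password)), UTF16(UPPER(user) + domain))."""
    nt_hash = md4(password.encode("utf-16-le"))
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()

def av_pair(av_id: int, value: bytes) -> bytes:
    return struct.pack("<HH", av_id, len(value)) + value

def parse_av_pairs(blob: bytes) -> dict:
    pairs, off = {}, 0
    while True:
        av_id, av_len = struct.unpack_from("<HH", blob, off)
        off += 4
        if av_id == 0:                               # MsvAvEOL terminates the list
            return pairs
        pairs[av_id] = blob[off:off + av_len]
        off += av_len

def channel_binding_token(cert_der: bytes) -> bytes:
    """MsvAvChannelBindings = MD5(gss_channel_bindings_struct), application_data =
    'tls-server-end-point:' + SHA-256(server certificate)."""
    app = b"tls-server-end-point:" + hashlib.sha256(cert_der).digest()
    return hashlib.md5(struct.pack("<IIIII", 0, 0, 0, 0, len(app)) + app).digest()

def target_info(domain: str, server: str, tls_cert=None) -> bytes:
    """AV pairs the client signs; with EP it binds to the TLS channel it actually sees."""
    pairs = av_pair(0x0002, domain.encode("utf-16-le")) + av_pair(0x0001, server.encode("utf-16-le"))
    if tls_cert is not None:
        pairs += av_pair(0x000A, channel_binding_token(tls_cert))
    return pairs + av_pair(0x0000, b"")

def ntlmv2_response(key: bytes, server_chal: bytes, client_chal: bytes, time8: bytes, tinfo: bytes) -> bytes:
    """NtChallengeResponse = NTProofStr || temp (MS-NLMP 3.3.2)."""
    temp = b"\x01\x01" + b"\x00" * 6 + time8 + client_chal + b"\x00" * 4 + tinfo + b"\x00" * 4
    return hmac.new(key, server_chal + temp, hashlib.md5).digest() + temp

def exchange_verify(key: bytes, server_chal: bytes, response: bytes, own_cert: bytes, token_checking: str) -> str:
    """Server side; token_checking mirrors the IIS extendedProtection value None / Allow / Require."""
    proof, temp = response[:16], response[16:]
    if not hmac.compare_digest(proof, hmac.new(key, server_chal + temp, hashlib.md5).digest()):
        return "reject: NTProofStr mismatch"          # temp was tampered with in transit
    cbt = parse_av_pairs(temp[28:]).get(0x000A)      # 2+6+8+8+4 fixed bytes precede the AV pairs
    if token_checking == "None":
        return "accept"                               # EP off: the binding is never examined
    if cbt is None:
        return "accept" if token_checking == "Allow" else "reject: no channel binding"
    if hmac.compare_digest(cbt, channel_binding_token(own_cert)):
        return "accept"
    return "reject: channel binding mismatch"

def ms_nlmp_vector() -> tuple:  # MS-NLMP 4.2.4 test vectors for User / Domain / Password
    key = ntowf_v2("Password", "User", "Domain")
    resp = ntlmv2_response(key, bytes.fromhex("0123456789abcdef"), b"\xaa" * 8, b"\x00" * 8, target_info("Domain", "Server"))
    return key.hex(), resp[:16].hex()

def run_scenarios() -> dict:
    key = ntowf_v2("Password", "User", "Domain")      # what the DC derives for the user
    schal, cchal, t0 = bytes.fromhex("0123456789abcdef"), b"\xaa" * 8, b"\x00" * 8
    exchange_cert = b"constructed DER: CN=mail.contoso.example"
    attacker_cert = b"constructed DER: CN=relay.attacker.example"
    def client(tls_cert):                             # Outlook answering a coerced challenge
        return ntlmv2_response(key, schal, cchal, t0, target_info("Domain", "MAIL", tls_cert))
    direct = client(exchange_cert)                    # genuine session, bound to Exchange's cert
    relayed = client(attacker_cert)                   # bound to the attacker, forwarded verbatim
    forged = relayed[:16] + relayed[16:].replace(     # attacker swaps in Exchange's binding
        channel_binding_token(attacker_cert), channel_binding_token(exchange_cert))
    legacy = client(None)                             # client that sends no binding at all
    v = lambda resp, tc: exchange_verify(key, schal, resp, exchange_cert, tc)
    return {"direct/Require": v(direct, "Require"),
            "relay/None": v(relayed, "None"),         # EP off: the CVE-2024-21410 condition
            "relay/Require": v(relayed, "Require"),
            "forged/Require": v(forged, "Require"),
            "legacy/Allow": v(legacy, "Allow"),
            "legacy/Require": v(legacy, "Require")}
```

run_scenarios() shows the outcomes that matter here: a genuine client bound to Exchange's certificate is accepted under Require; the relayed response is accepted when tokenChecking is None (the vulnerable state) but rejected under Require because its binding names the attacker's certificate; an attacker who rewrites the binding breaks NTProofStr, which is keyed with the user's NTOWFv2 that the attacker never has; and a client that omits the binding is accepted only under Allow, which is why Require is the target value for most virtual directories.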

 

Impact

  • Elevation of privilege: after a successful relay the attacker holds an authenticated Exchange session as the targeted user and can act with that user's permissions.
  • Credential exposure: the relay needs a Net-NTLMv2 response from the victim, so an NTLM client such as Outlook may first be targeted with an NTLM credential-leaking vulnerability to obtain one.

 

Affected Products

The affected versions include:

  • Microsoft Exchange Server 2016 Cumulative Update 23
  • Microsoft Exchange Server 2019 Cumulative Update 13
  • Microsoft Exchange Server 2019 Cumulative Update 14

 

Recommendations

  • Microsoft strongly recommends installing CU14 on Exchange Server 2019, which enables Extended Protection by default, or enabling Extended Protection within your organization as described in Configure Windows Extended Protection in Exchange Server (https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection?view=exchserver-2019). Work through that article's prerequisites first: Extended Protection relies on TLS channel binding, so TLS must terminate on the Exchange servers themselves (SSL offloading on a load balancer is not supported) and the TLS configuration must be consistent across all servers.
  • Microsoft introduced Extended Protection support as an optional feature for Exchange Server 2016 CU23 with the August 2022 security update (build 15.01.2507.012). Install the latest security update for Exchange Server 2016 CU23 before turning on Extended Protection with the ExchangeExtendedProtectionManagement.ps1 script (https://aka.ms/ExchangeEPScript).
  • If you are already running Exchange Server 2019 CU13 or earlier and have previously enabled Extended Protection with that script, you are protected from this vulnerability; Microsoft nevertheless strongly recommends installing the latest cumulative update.
  • Run the latest version of the Exchange Server Health Checker script (https://aka.ms/exchangeHealthChecker) after enabling Extended Protection. Its output includes the Extended Protection status of the server, which confirms that the setting took effect on every virtual directory rather than assuming it did because the script was run.
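As an added example, not code from the advisory or from Microsoft, the following Python audit reads the Extended Protection value IIS stores per Exchange virtual directory, for use on copies of applicationHost.config collected from servers (for example during an incident review, where running the PowerShell scripts on each host is not an option). It assumes the setting lives at location[@path='<site>/<vdir>']/system.webServer/security/authentication/windowsAuthentication/extendedProtection[@tokenChecking], the node the ExchangeExtendedProtectionManagement.ps1 script writes, and that a missing node means the IIS default, None. The DOCUMENTED_OFF set (front-end Autodiscover, which Microsoft's table leaves at Off) and the SAMPLE_CONFIG are assumptions constructed for the demo; compare the full map against Microsoft's table rather than trusting the flagged list alone.

```python
"""Added example: offline audit of tokenChecking per Exchange vdir in applicationHost.config.
Assumed XML layout is the one the Exchange EP management script writes; SAMPLE_CONFIG is
constructed and shows one Require, one Allow, two None and one missing node."""
import xml.etree.ElementTree as ET

EP_PATH = "system.webServer/security/authentication/windowsAuthentication/extendedProtection"
EXCHANGE_SITES = ("Default Web Site/", "Exchange Back End/")
DOCUMENTED_OFF = {"Default Web Site/Autodiscover"}   # assumption from Microsoft's EP table

SAMPLE_CONFIG = """<configuration>
  <location path="Default Web Site/EWS">
    <system.webServer><security>
      <access sslFlags="Ssl,Ssl128" />
      <authentication><windowsAuthentication enabled="true">
        <extendedProtection tokenChecking="Require" />
      </windowsAuthentication></authentication>
    </security></system.webServer>
  </location>
  <location path="Default Web Site/Microsoft-Server-ActiveSync">
    <system.webServer><security><authentication><windowsAuthentication enabled="true">
      <extendedProtection tokenChecking="Allow" />
    </windowsAuthentication></authentication></security></system.webServer>
  </location>
  <location path="Default Web Site/Autodiscover">
    <system.webServer><security><authentication><windowsAuthentication enabled="true">
      <extendedProtection tokenChecking="None" />
    </windowsAuthentication></authentication></security></system.webServer>
  </location>
  <location path="Default Web Site/OWA">
    <system.webServer><security><authentication><windowsAuthentication enabled="true">
      <extendedProtection tokenChecking="None" />
    </windowsAuthentication></authentication></security></system.webServer>
  </location>
  <location path="Exchange Back End/EWS">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true" />
    </authentication></security></system.webServer>
  </location>
</configuration>
"""


def extended_protection_status(config_xml: str) -> dict:
    """Map 'Site/vdir' -> tokenChecking for every Exchange location in the config.
    A missing extendedProtection node is reported as the IIS default, None."""
    status = {}
    for loc in ET.fromstring(config_xml).iter("location"):
        path = loc.get("path", "")
        if path.startswith(EXCHANGE_SITES):
            node = loc.find(EP_PATH)
            status[path] = node.get("tokenChecking", "None") if node is not None else "None"
    return status


def relay_exposed(config_xml: str) -> list:
    """Vdirs that still accept NTLM without a channel binding check (tokenChecking None),
    minus the entries Microsoft documents as Off. 'Allow' entries are left to the reader:
    some vdirs (ActiveSync) are meant to stay at Allow, so check them against the table."""
    status = extended_protection_status(config_xml)
    return sorted(p for p, tc in status.items() if tc == "None" and p not in DOCUMENTED_OFF)


def audit_file(path=r"C:\Windows\System32\inetsrv\config\applicationHost.config") -> list:
    """Run the check on a real (or collected) applicationHost.config; the file carries a BOM."""
    with open(path, encoding="utf-8-sig") as fh:
        return relay_exposed(fh.read())


if __name__ == "__main__":
    for vdir, value in sorted(extended_protection_status(SAMPLE_CONFIG).items()):
        print(f"{vdir:50} {value}")
    print("relay-exposed:", relay_exposed(SAMPLE_CONFIG))
```

On the constructed sample the two front-end vdirs at Require and Allow pass, Autodiscover is skipped as documented, and OWA plus the back-end EWS (whose node is simply absent) are reported as still relayable; those are the entries to fix with the Exchange script and then confirm with HealthChecker.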

 

References