Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

Read Time:42 Second

What is the Vulnerability?
Microsoft disclosed a critical security flaw in the Exchange Server. Tracked as CVE-2024-21410, the issue has been described as a privilege escalation vulnerability. This security flaw can let remote unauthenticated threat actors escalate privileges in NTLM relay attacks against vulnerable Exchange Servers. Microsoft reported that the flaw has been actively exploited in the wild.

What is the Vendor Solution?

Microsoft released a patch on Feb 13, 2024, as part of its Patch Tuesday updates. Please follow the link to learn more about mitigation steps. [ Link ]

What FortiGuard Coverage is available?

FortiGuard Labs has an Endpoint Vulnerability Signature in place for CVE-2024-21410 to detect any vulnerable systems and auto patch if enabled.

FortiGuard Labs recommends administrators to review and apply the most recent upgrade or patch from Microsoft as soon as possible.

Space Bears ransomware: what you need to know

Zero-Day Vulnerability in Ivanti VPN

Fancy Product Designer Plugin Flaws Expose WordPress Sites

Japan Faces Prolonged Cyber-Attacks Linked to China’s MirrorFace

PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak

EU Commission Liable for Breaching EU’s Own Data Protection Rules

United Nations aviation agency hacked, recruitment database plundered

Government Launches £1.9m Initiative to Boost UK’s Cyber Resilience

Critical Ivanti Zero-Day Exploited in the Wild

Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

USN-7197-1: Go Networking vulnerability

USN-7185-2: Linux kernel (Azure) vulnerabilities

USN-7169-4: Linux kernel (Azure) vulnerabilities

USN-7196-1: Linux kernel (Azure) vulnerabilities

USN-7195-1: Linux kernel (Azure) vulnerabilities

USN-7194-1: Linux kernel (Azure) vulnerabilities