"Microsoft Warns of Exploited Exchange Server Zero-Day"

Microsoft recently warned that a newly addressed vulnerability in Exchange Server has been actively exploited in attacks. Tracked as CVE-2024-21410 (CVSS score of 9.8), the critical severity flaw is described as a privilege escalation issue that allows attackers to mount pass-the-hash attacks. According to Microsoft, an attacker could exploit the bug to relay a user's Net-NTLMv2 hash against a vulnerable server and authenticate as that user. Microsoft noted that the root cause of the vulnerability is that NTLM credential relay protection, or Extended Protection for Authentication (EPA), was not enabled by default in Exchange Server 2019. The issue has been addressed with the release of Exchange Server 2019 Cumulative Update 14 (CU14), which brings several other improvements and fixes as well. Initially, Microsoft's advisory on CVE-2024-21410 did not flag the bug as exploited, but the company updated it on 2/15/2024 to change the exploitation flag to "indicate that Microsoft was aware of exploitation of this vulnerability."

Cybersecurity firm Check Point recently published details on another critical-severity Outlook vulnerability, CVE-2024-21413 (CVSS score of 9.8). Resolved on February 2024 Patch Tuesday, the bug allows attackers to bypass the Office Protected View and execute code remotely. The researchers noted that attacks exploiting CVE-2024-21413 are trivial, do not prompt security warnings or error messages, and can lead to data theft, malware execution, privilege escalation, and victim impersonation.

SecurityWeek reports: "Microsoft Warns of Exploited Exchange Server Zero-Day"

Submitted by Adam Ekwall on