Today we are announcing the availability of the 2024 H1 Cumulative Update (CU) for Exchange Server 2019 (aka CU14). CU14 includes fixes for customer reported issues, a security change, and all previo...
Updated Feb 22, 2024
Version 11.0
Blog Post
Nino_Bilic Could you please let me know what is causing in CVE-2024-21410 (Microsoft Exchange Server Elevation of Privilege Vulnerability).
How could an attacker exploit this vulnerability?
we do not have any Mailbox hosted on Exchange on-premise servers, can attacker still exploit the credentials using NTLM, we are using NTLMv2.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could relay a user's leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user.