Microsoft warned on Wednesday that a newly addressed vulnerability in Exchange Server has been actively exploited in attacks.
Tracked as CVE-2024-21410 (CVSS score of 9.8), the critical-severity flaw is described as a privilege escalation issue that allows attackers to mount pass-the-hash attacks.
According to Microsoft, an attacker could exploit the bug to relay a user’s Net-NTLMv2 hash against a vulnerable server and authenticate as that user.
[...]
Microsoft Warns of Exploited Exchange Server Zero-Day
Microsoft Warns of Exploited Exchange Server Zero-Day
-
rbc
- President
- Posts: 291
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
Microsoft Warns of Exploited Exchange Server Zero-Day
Robert B. Carleton + ISC2 Central Mississippi President