Microsoft Warns of Exploited Exchange Server Zero-Day
Posted: Fri Feb 16, 2024 12:05 am
Microsoft warned on Wednesday that a newly addressed vulnerability in Exchange Server has been actively exploited in attacks.
Tracked as CVE-2024-21410 (CVSS score of 9.8), the critical-severity flaw is described as a privilege escalation issue that allows attackers to mount pass-the-hash attacks.
According to Microsoft, an attacker could exploit the bug to relay a user’s Net-NTLMv2 hash against a vulnerable server and authenticate as that user.
[...]
Microsoft Warns of Exploited Exchange Server Zero-Day
Tracked as CVE-2024-21410 (CVSS score of 9.8), the critical-severity flaw is described as a privilege escalation issue that allows attackers to mount pass-the-hash attacks.
According to Microsoft, an attacker could exploit the bug to relay a user’s Net-NTLMv2 hash against a vulnerable server and authenticate as that user.
[...]
Microsoft Warns of Exploited Exchange Server Zero-Day