You are currently viewing Patch Immediately! Critical Exchange Server Vulnerability Actively Exploited

Patch Immediately! Critical Exchange Server Vulnerability Actively Exploited

  • Post author:
  • Reading time:3 mins read

A recently discovered critical vulnerability in Microsoft Exchange Server (CVE-2024-21410) is being actively exploited by attackers. A privilege escalation vulnerability allows attackers to use leaked login credentials (like those from compromised Outlook clients) to gain unauthorized access and control over your server. This could lead to sensitive data breaches, malware deployment, and further attacks within your network.

Understanding CVE-2024-21410

With a severity score of 9.8 on the CVSS scale, the vulnerability targets NTLM clients such as Outlook by exploiting a credentials-leaking vulnerability. Attackers can leverage this flaw to obtain leaked credentials and perform unauthorized operations on the Exchange server.

Implications of Successful Exploitation

If successfully exploited, the vulnerability enables attackers to relay a user’s leaked Net-NTLMv2 hash against a vulnerable Exchange Server by granting them unauthorized access as the user. The exact nature of the exploitation and the identity of threat actors remain undisclosed. Although past incidents involving Russian state-affiliated hacking groups, notably APT28, raise concerns.

Associated Risks

This incident is not an isolated case, as it adds to a series of Windows flaws patched by Microsoft this week, including CVE-2024-21351 and CVE-2024-21412, both actively exploited in real-world attacks. Moreover, the implications extend beyond mere credential leakage. The flaw’s destructive capability potentially encompasses RCE and the bypassing of Office Protected View, heightening the severity of the situation.


Microsoft has enabled EPA by default for Exchange Server 2019 Cumulative Update 14 (CU14). Consider enabling EPA manually for additional protection if you’re using an older version.

Microsoft has released security patches to address these vulnerabilities, and it is urging all users to apply the patches as soon as possible.


SanerNow Vulnerability Management and SanerNow Patch Management detect and automatically fix these vulnerabilities by applying security updates. Use SanerNow and keep your systems updated and secure!

Share this article