15 February 2024

Microsoft says new Exchange flaw exploited as a zero-day


Microsoft says new Exchange flaw exploited as a zero-day

Microsoft has updated its security advisory on a recently patched MS Exchange security vulnerability to say that the flaw is under active exploitation.

The vulnerability (CVE-2024-21410) is a privilege escalation issue in Microsoft Exchange Server that can be exploited by a remote attacker to target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf.

The flaw affects Microsoft Exchange Server versions 2016 CU22 Nov22SU 15.01.2375.037 through 2019 RTM Mar21SU 15.02.0221.018.

The tech giant didn’t provide any details regarding the nature of the exploitation or what threat actor was behind the attacks.

As part of its February 2024 Patch Tuesday released this week, Microsoft addressed two additional zero-day vulnerabilities CVE-2024-21351 and CVE-2024-21412. Both flaws have been described as a Windows SmartScreen security feature bypass issue that could be exploited for running malicious files on the system or remote code execution.

According to Trend Micro, CVE-2024-21412 has been exploited as part of a sophisticated zero-day attack chain by a threat actor tracked as Water Hydra (aka DarkCasino) that targeted financial market traders. The attackers leveraged the zero-day flaw to deploy the DarkMe malware.

Back to the list

Latest Posts

Chinese hackers target OpenAI employees in phishing attack

Chinese hackers target OpenAI employees in phishing attack

OpenAI said it disrupted cyber threats from China-based and Iranian groups.
10 October 2024
Fortinet, Mozilla Firefox flaws exploited in the wild

Fortinet, Mozilla Firefox flaws exploited in the wild

Users are urged to update to the latest versions immediately to protect against potential exploitation.
10 October 2024
Mamba 2FA PaaS platform targets Microsoft 365 accounts in advanced AiTM attacks

Mamba 2FA PaaS platform targets Microsoft 365 accounts in advanced AiTM attacks

At $250 per month, the platform offers threat actors well-crafted phishing pages and mechanisms to bypass MFA.
9 October 2024