15 February 2024

Microsoft says new Exchange flaw exploited as a zero-day


Microsoft says new Exchange flaw exploited as a zero-day

Microsoft has updated its security advisory on a recently patched MS Exchange security vulnerability to say that the flaw is under active exploitation.

The vulnerability (CVE-2024-21410) is a privilege escalation issue in Microsoft Exchange Server that can be exploited by a remote attacker to target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf.

The flaw affects Microsoft Exchange Server versions 2016 CU22 Nov22SU 15.01.2375.037 through 2019 RTM Mar21SU 15.02.0221.018.

The tech giant didn’t provide any details regarding the nature of the exploitation or what threat actor was behind the attacks.

As part of its February 2024 Patch Tuesday released this week, Microsoft addressed two additional zero-day vulnerabilities CVE-2024-21351 and CVE-2024-21412. Both flaws have been described as a Windows SmartScreen security feature bypass issue that could be exploited for running malicious files on the system or remote code execution.

According to Trend Micro, CVE-2024-21412 has been exploited as part of a sophisticated zero-day attack chain by a threat actor tracked as Water Hydra (aka DarkCasino) that targeted financial market traders. The attackers leveraged the zero-day flaw to deploy the DarkMe malware.

Back to the list

Latest Posts

Morocco-based cybercriminals hack large retailers for gift card theft

Morocco-based cybercriminals hack large retailers for gift card theft

Microsoft reported a 30% increase in Storm-0539 intrusion activity between March and May 2024.
27 May 2024
Transparent Tribe APT targets Indian gov’t and defense sectors with cross-platform malware

Transparent Tribe APT targets Indian gov’t and defense sectors with cross-platform malware

Recent campaigns have seen the group using cross-platform programming languages such as Python, Go, and Rust.
27 May 2024
MITRE hackers created rogue VMs to evade detection

MITRE hackers created rogue VMs to evade detection

MITRE has concluded its internal cyberattack investigation.
27 May 2024