More than 28,500 Exchange servers are vulnerable to a new bug

Researchers have identified approximately 28,500 Microsoft Exchange servers at risk of a severe privilege escalation flaw (CVE-2024-21410), which is already being exploited by cybercriminals. The total count of servers potentially at risk exceeds 97,000.

It was revealed last week that CVE-2024-21410, a vulnerability discovered by Microsoft internally, permits remote, unauthenticated attackers to escalate privileges through an NTLM relay attack.

To mitigate this vulnerability, administrators are advised to promptly install Exchange Server 2019 Cumulative Update 14 (CU14), released in February 2024.

Following the release of patches during February's Patch Tuesday, Microsoft updated its security bulletin on CVE-2024-21410 to indicate that the flaw had been exploited as a zero-day. Currently, there is no publicly available PoC exploit for this issue, and widespread attacks have not been reported.

Shadowserver specialists have now disclosed that they have detected around 97,000 potentially vulnerable servers online. Of these, the status of about 68,500 depends on whether protective measures have been implemented by their administrators, and another 28,500 servers remain susceptible to CVE-2024-21410.

The highest numbers of potentially vulnerable servers are found in Germany (22,903), the USA (19,434), the UK (3,665), France (3,074), Austria (2,987), Russia (2,771), Canada (2,554), and Switzerland (2,119).


Experts emphasize the critical nature of CVE-2024-21410, warning that its exploitation could lead to severe repercussions for organizations. Attackers with elevated privileges in Exchange Server might access confidential information (such as emails) and leverage the compromised server as a launchpad for additional attacks.
