#Critical #Exchange #Server #vulnerability #actively #zeroday #attacks
A critical vulnerability in Exchange Server for which Microsoft released security updates on Tuesday evening has been actively used in zero-day attacks, Microsoft said. The company initially reported that this was not the case. The vulnerability makes it possible to conduct NTLM relay attacks on Exchange servers and gain access to users’ email accounts.
In the case of a relay attack, an attacker can use a victim’s intercepted password hash to log into the Exchange server and gain access to the victim’s email account. To do this, an attacker would first have to obtain the user’s hash, for example by exploiting a vulnerability in Outlook, Microsoft explains.
The impact of the vulnerability, referred to as CVE-2024-21410, has been rated 9.8 on a scale of 1 to 10. Microsoft does not provide details about the observed zero-day attacks and why it did not initially report that it was a zero-day breach.
:format(webp)/nginx/o/2023/09/27/15618395t1h2fdc.jpg)