Over 28,500 Exchange servers vulnerable to actively exploited bug

Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting.
Microsoft addressed the issue on Fenruary 13, when it had already been leveraged as a zero-day.
Currently, 28,500 servers have been identified as being vulnerable.
Exchange Server is widely used in business environments to facilitate communication and collaboration among users, providing email, calendar, contact management, and task management services.
The security issue allows remote unauthenticated actors to perform NTLM relay attacks on Microsoft Exchange Servers and escalate their privileges on the system.
Today, threat monitoring service Shadowserver announced that its scanners have identified approximately 97,000 potentially vulnerable servers.
Out of the total 97,000, the vulnerable state for an estimated 68,500 servers depends on whether administrators applied mitigations, while 28,500 are confirmed to be vulnerable to CVE-2024-21410.
Currently, there's no publicly available proof-of-concept exploit for CVE-2024-21410, which somewhat limits the number of attackers using the flaw in attacks.
To address CVE-2024-21410, system admins are recommended to apply the Exchange Server 2019 Cumulative Update 14 update released during the February 2024 Patch Tuesday, which enables NTLM credentials Relay Protections.
The U.S. Cybersecurity & Infrastructure Security Agency has also added CVE-2024-21410 to its 'Known Exploited Vulnerabilities' catalog, giving federal agencies until March 7, 2024, to apply the available updates/mitigations or stop using the product.
Exploitation of CVE-2024-21410 can have serious consequences for an organization because attackers with elevated permissions an Exchange Server can access confidential data like email communication and use the server as a ramp for further attacks on the network.
Microsoft: New critical Exchange bug exploited as zero-day.
Microsoft Exchange 2019 has reached end of mainstream support.
Zoom patches critical privilege elevation flaw in Windows apps.
Microsoft Exchange update enables Extended Protection by default.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 19 Feb 2024 19:40:15 +0000

Cyber News related to Over 28,500 Exchange servers vulnerable to actively exploited bug

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
3 weeks ago Securityaffairs.com

The ticking time bomb of Microsoft Exchange Server 2013 - This is, of course, a common issue since 2021 or so, due to Exchange Server security woes- however there has been an abnormally high increase in the past few months, making me think there was some kind of Exchange Server zero day perhaps. In my own ...
6 months ago Doublepulsar.com

Over 28,500 Exchange servers vulnerable to actively exploited bug - Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. Microsoft addressed the issue on Fenruary 13, when it had already been ...
4 months ago Bleepingcomputer.com

Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks - Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. The mail systems run a software version that is currently unsupported and no longer ...
6 months ago Bleepingcomputer.com

Protect Your Exchange Server from Hackers: Microsoft's Latest Warning - Microsoft is telling customers to apply its latest updates to shield Exchange Server from hackers that keep targeting the platform to access corporate mailboxes and nab company address books for phishing. Attackers looking to exploit unpatched ...
1 year ago Zdnet.com

Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug - Microsoft has identified one of the critical vulnerabilities in Exchange Server that the company disclosed in February's Patch Tuesday update as actually being a zero-day threat that attackers are already actively exploiting. CVE-2024-21410 is an ...
4 months ago Darkreading.com

Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
4 weeks ago Securityaffairs.com

newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
4 weeks ago Securityaffairs.com

Thousands of Outdated Microsoft Exchange Servers are Susceptible to Cyber Attacks - A large number of Microsoft Exchange email servers in Europe, the United States, and Asia are currently vulnerable to remote code execution flaws due to their public internet exposure. These servers are running out-of-date software that is no longer ...
6 months ago Cysecurity.news

Microsoft Exchange 2019 has reached end of mainstream support - Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. Starting today, the company says it will no longer accept requests for bug fixes and Design Change Requests, but it ...
5 months ago Bleepingcomputer.com

North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
1 month ago Securityaffairs.com

Microsoft Urges Admins to Patch On-Premises Exchange Servers: Updated Security Advice - Microsoft recently released updated guidelines and security advice regarding on-premises Exchange server environments. The company reminded administrators that patching their Exchange servers is essential to prevent cyberattacks and ensure their ...
1 year ago Bleepingcomputer.com

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
3 weeks ago Securityaffairs.com

newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
3 weeks ago Securityaffairs.com

Healthcare firm WebTPA data breach impacted 2.5M individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach ...
1 month ago Securityaffairs.com

Impact of Remote Work and Cloud Migrations on Security Perimeters - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
4 weeks ago Securityaffairs.com

Microsoft Exchange Servers Vulnerable to Cyberattacks - Microsoft Exchange Servers are becoming increasingly vulnerable to cyberattacks due to unpatched security vulnerabilities. Microsoft has recently released several critical patches for Exchange Servers, but it is still not enough to prevent possible ...
1 year ago Hackread.com

BreachForums resurrected after FBI seizure - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group ...
3 weeks ago Securityaffairs.com

North Korea-linked IT workers infiltrated hundreds of US firms - CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group ...
1 month ago Securityaffairs.com

Crooks stole more than $300M worth of Bitcoin from DMM Bitcoin - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Threat actors actively ...
3 weeks ago Securityaffairs.com

CISA warns agencies of fourth flaw used in Triangulation spyware attacks - The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Apple, Adobe, Apache, D-Link, and Joomla. The Known Exploited Vulnerabilities ...
5 months ago Bleepingcomputer.com

New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
4 weeks ago Securityaffairs.com

High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
4 weeks ago Securityaffairs.com

Fancy Bear hackers still exploiting Microsoft Exchange flaw - A Russian nation-state group continues to exploit a critical Microsoft vulnerability that was patched eight months ago to gain access to emails within victim organizations' Exchange servers. In March, Microsoft disclosed a zero-day elevation of ...
6 months ago Techtarget.com

Latest Cyber News

CVE-2024-35973 - 6 seconds ago
CVE-2023-52650 - 6 seconds ago
CVE-2024-35922 - 3 hours ago
CVE-2023-52644 - 3 hours ago
CVE-2024-27395 - 5 hours ago
CVE-2024-36020 - 5 hours ago
CVE-2023-52656 - 5 hours ago
CVE-2024-35982 - 5 hours ago
CVE-2024-35997 - 5 hours ago
CVE-2024-35983 - 5 hours ago
CVE-2024-35930 - 5 hours ago
CVE-2024-27416 - 5 hours ago
CVE-2024-27413 - 5 hours ago
CVE-2024-35785 - 5 hours ago
CVE-2024-27388 - 5 hours ago
CVE-2024-27078 - 5 hours ago
CVE-2024-27077 - 5 hours ago
CVE-2024-27076 - 5 hours ago
CVE-2024-27074 - 5 hours ago
CVE-2024-27073 - 5 hours ago

Cyber Trends (last 7 days)

Okta - 6 months ago
23andMe - 6 months ago
Kimsuky - 6 months ago
LogoFAIL - 6 months ago
Gh0st rat - 6 months ago

Trending Cyber News (last 7 days)

CVE-2024-27395 - 5 hours ago
CVE-2024-34400 - 7 hours ago
CVE-2024-21740 - 7 hours ago
CVE-2024-21739 - 7 hours ago
CVE-2024-38516 - 7 hours ago
CVE-2024-37855 - 7 hours ago
CVE-2024-37843 - 7 hours ago
CVE-2024-35526 - 7 hours ago
CVE-2024-21741 - 7 hours ago
CVE-2024-5019 - 7 hours ago
CVE-2024-5018 - 7 hours ago
CVE-2024-5017 - 7 hours ago
CVE-2024-5016 - 7 hours ago
CVE-2024-5015 - 7 hours ago
CVE-2024-5014 - 7 hours ago
CVE-2024-5013 - 7 hours ago
CVE-2024-5012 - 7 hours ago
CVE-2024-37820 - 9 hours ago
CVE-2024-36819 - 9 hours ago
CVE-2024-5990 - 9 hours ago