The Shadowserver Foundation, a non-profit cybersecurity organization, has warned that a recently disclosed zero-day vulnerability affects over 28,000 internet-accessible Microsoft Exchange servers.
Also read: Types of Password Attack and Ways to Stop Them
Approximately 68,000 other Exchange instances are deemed ‘possibly’ vulnerable, implying that mitigations have been installed, bringing the total number of potentially exploitable servers to about 97,000, Shadowserver reports. The vulnerability, identified as CVE-2024-21410 (CVSS score of 9.8), is a privilege escalation flaw that allows an attacker to relay a user’s Net-NTLMv2 hash to a vulnerable server and authenticate as that user.
According to Microsoft, the problem exists because Exchange Server 2019 does not have NTLM credential relay protection or Extended Protection for Authentication (EPA) enabled by default.
Read More: Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.