Security News > 2024 > February > Over 28,500 Exchange servers vulnerable to actively exploited bug
Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting.
Currently, 28,500 servers have been identified as being vulnerable.
The security issue allows remote unauthenticated actors to perform NTLM relay attacks on Microsoft Exchange Servers and escalate their privileges on the system.
Today, threat monitoring service Shadowserver announced that its scanners have identified approximately 97,000 potentially vulnerable servers.
Out of the total 97,000, the vulnerable state for an estimated 68,500 servers depends on whether administrators applied mitigations, while 28,500 are confirmed to be vulnerable to CVE-2024-21410.
Microsoft: New critical Exchange bug exploited as zero-day.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-13 | CVE-2024-21410 | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 9.8 |