CVE-2024-21410. Behind this somewhat obscure name hides a critical vulnerability in Exchange mail servers which has the potential to jeopardize certain French business networks.
This is news that many French firms would have liked to do without. A good number of servers running Exchange, Microsoft’s solution for email management, are affected by a severe bug allowing malicious hackers to infiltrate a mailbox and sometimes even the network of the company behind it.
Between 1300 and 3300 servers affected
As ShadowServer, a foundation specializing in cybersecurity, announced on Twitter, a flaw labeled CVE-2024-21410 affects at least 28,500 Exchange servers worldwide. A good part of these machines are located in France, particularly among French companies. According to the information revealed by the foundation, 1321 servers are certainly affected by this bug and 3381 machines in total are “potentially vulnerable”, i.e. running the buggy version of the system but possibly with protection measures applied.
Concretely, the bug allows a malicious hacker to carry out an attack via the NTLM authentication process, which then makes it possible to infiltrate a company’s network through privilege escalation. The American cybersecurity agency explains that “These types of vulnerabilities are common attack vectors for malicious hackers and pose significant risks”.
Even without infiltrating the underlying IT system, access to the email, calendars and contacts of certain people within a company already provides enough attack surface for advanced phishing campaigns. The risk for personal data is therefore significant and the multiplication of potential targets is not exactly reassuring.
An update available
No proof of concept of the attack has been made public, which mechanically reduces the number of organizations exploiting this bug. However, as Microsoft itself explains, such vulnerabilities were already exploited in 2023 and could continue to claim victims today. It is for this reason that the company rates the flaw as “critical”.
Fortunately, there is a fix for the vulnerability in Exchange Server 2019 Cumulative Update 14 (CU14), rolling out in mid-February. Unfortunately, it appears that many firms have not yet installed the new version, as business systems are often much more critical and therefore much less flexible than home computers.
Source: Bleeping Computer