Critical Exchange Server zero-day under active exploitation

BleepingComputer reports that organizations have been advised by Microsoft regarding the active exploitation of a critical Exchange Server zero-day flaw, tracked as CVE-2024-21410, prior to it being remediated as part of this month's Patch Tuesday. Attackers could leverage the bug to facilitate privilege escalation in NTLM relay attacks against Microsoft Exchange Servers, according to an updated Microsoft advisory regarding the vulnerability. "The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf," said Microsoft. Such a security weakness could be mitigated through Extended Protection for Authentication, which has been activated by default across Exchange servers following the Exchange Server 2019 Cumulative Update 14. Meanwhile, organizations with older Exchange server versions have been urged to defend against the potential exploitation by enabling EP through ExchangeExtendedProtectionManagement PowerShell script but not before properly examining potential issues in their environments.