
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410) is a critical security flaw with a CVSS score of 9.8. The vulnerability was disclosed in February 2024 and affects Microsoft Exchange Server 2019 Cumulative Update 13, Cumulative Update 14, and Exchange Server 2016 Cumulative Update 23. This vulnerability has been confirmed to be actively exploited in the wild (Hacker News).
The vulnerability allows an attacker to target an NTLM client such as Outlook with an NTLM credential-leaking vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and perform operations on the Exchange server on the victim's behalf. Specifically, an attacker could relay a user's leaked Net-NTLMv2 hash against a susceptible Exchange Server and authenticate as the user (Hacker News, Microsoft Advisory).
Successful exploitation of this vulnerability could lead to elevation of privileges on affected Exchange Server systems. Given its critical severity rating (CVSS 9.8), the vulnerability poses a significant security risk, allowing attackers to gain unauthorized access and perform operations with elevated privileges (NVD).
Microsoft has enabled Extended Protection for Authentication (EPA) by default with the Exchange Server 2019 Cumulative Update 14 (CU14) update. Organizations are advised to install the latest Cumulative Updates and security updates for their Exchange Server installations. For Exchange Server 2019, both CU13 and CU14 have security updates available. Organizations should also ensure all prerequisites for Extended Protection are met and implement it on their servers (Microsoft Q&A).
Source: This report was generated using AI