Microsoft acknowledged that a long known CVE (CVE-2024-21410) in Microsoft Exchange was exploited by taking advantage of an elevation of privilege vulnerability.
According to the Redmond giant, an attacker can take advantage of this vulnerability to get the credentials from Exchange clients such as Outlook, and then access the Exchange server using the victim’s data:
An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim’s behalf.
Microsoft issued a patch and fixed the vulnerability
Microsoft issued the Exchange Server 2019 Cumulative Update 14 (CU14) to patch this vulnerability. The update enabled the NTLM credentials Relay Protections (also known as Extended Protection for Authentication or EPA).
The Exchange Server 2019 CU14 enables EPA by default on Exchange servers and Microsoft recommends installing it ASAP to secure your clients and servers.
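Why Extended Protection stops a relayed login, shown as an added example that is not Microsoft's code or part of the original article: a simplified model of channel binding in which the client's proof covers a hash of the TLS certificate it actually saw. The HMAC-based proof, the function names and the certificate bytes are assumptions made for illustration; real NTLM messages are structured differently.

```python
import hashlib
import hmac
import os


def channel_binding_token(cert_der: bytes) -> bytes:
    """Simplified channel binding: hash of the TLS certificate seen on the connection."""
    return hashlib.sha256(cert_der).digest()


def client_response(secret: bytes, challenge: bytes, seen_cert: bytes) -> dict:
    """Client proves it knows its secret and ties the proof to the TLS channel it is on."""
    cbt = channel_binding_token(seen_cert)
    proof = hmac.new(secret, challenge + cbt, hashlib.sha256).digest()
    return {"cbt": cbt, "proof": proof}


def server_verify(secret: bytes, challenge: bytes, response: dict,
                  own_cert: bytes, require_epa: bool) -> bool:
    # The proof covers the CBT the client sent, so the CBT cannot be swapped in transit.
    expected = hmac.new(secret, challenge + response["cbt"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, response["proof"]):
        return False
    if require_epa:
        # With EPA on, the CBT must match the server's own certificate.
        return hmac.compare_digest(response["cbt"], channel_binding_token(own_cert))
    return True  # without EPA the binding is ignored


def simulate(require_epa: bool) -> dict:
    """Compare a direct login with one forwarded by an intermediate host."""
    secret = b"constructed-user-secret"               # constructed sample value
    server_cert = b"constructed DER: real server"     # constructed sample value
    relay_cert = b"constructed DER: relay host"       # constructed sample value
    challenge = os.urandom(8)
    direct = client_response(secret, challenge, server_cert)
    relayed = client_response(secret, challenge, relay_cert)  # client saw the relay's cert
    return {
        "direct": server_verify(secret, challenge, direct, server_cert, require_epa),
        "relayed": server_verify(secret, challenge, relayed, server_cert, require_epa),
    }


if __name__ == "__main__":
    print("EPA off:", simulate(False))
    print("EPA on: ", simulate(True))
```

With the binding enforced, the direct login still succeeds while the forwarded one is rejected, because the proof was bound to a different TLS channel than the one the server sees.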
Also, if you’re running the Microsoft Exchange Server 2016 Cumulative Update 23, the company released Extended Protection as an optional feature with the August 2022 security update (build 15.01.2507.012) to protect your server against CVE-2024-21410.
So, if you didn’t do that until now, install the latest security update for Exchange Server 2016 CU23 before turning on the Extended Protection feature.
Microsoft says that if you already ran the script that enables NTLM credentials Relay Protections on Exchange Server 2019 CU13 or earlier, you were protected from this vulnerability.
If you want to know if your server is configured properly, the company recommends running the latest version of the Exchange Server Health Checker script that will provide an overview of the Extended Protection status.
Although Microsoft acknowledged that CVE-2024-21410 was exploited, they don’t offer any information on the extent of the damage caused by this vulnerability.
Did you already patch your Microsoft Exchange server? Comment below if you had any problems with the update or the vulnerability.