===================================================================== 
CERT-Renater 

Information Note No. 2024/VULN087 
_____________________________________________________________________ 

DATE : 23/02/2024 

HARDWARE PLATFORM(S): / 

OPERATING SYSTEM(S): Systems running Microsoft Exchange Server 2019 
                     Cumulative Update 14, Microsoft Exchange Server 2019 
                     Cumulative Update 13, and Microsoft Exchange Server 
                     2016 Cumulative Update 23 

===================================================================== 
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21410 
_____________________________________________________________________ 

Microsoft Exchange Server Elevation of Privilege Vulnerability 

Summary : 

An attacker could target an NTLM client such as Outlook with a 
vulnerability that coerces it into leaking its NTLM authentication. 
The leaked authentication can then be relayed against the Exchange 
server to obtain the privileges of the victim client and to perform 
operations on the Exchange server on the victim's behalf. The 
mitigation is Extended Protection for Authentication (EPA), which binds 
the NTLM exchange to the TLS channel on which it was performed. For 
more information about Exchange Server's support for EPA, see 
"Configure Windows Extended Protection in Exchange Server". 

An attacker who successfully exploited this vulnerability could relay 
a user's Net-NTLMv2 authentication response against a vulnerable 
Exchange Server and authenticate as that user. Note that the NTLMv2 
response is computed over the challenge issued by the target server, 
so the relay must take place live while the victim authenticates; a 
previously captured response cannot be replayed against a fresh 
challenge. 

Microsoft reports that this vulnerability is being actively exploited. 
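To make the relay mechanics and the EPA mitigation concrete, here is an added worked model (written for this note; it is not Microsoft's code nor part of the original advisory) of the NTLMv2 exchange between an Outlook-like client, an attacker relaying in the middle, and the Exchange server. The NTLMv2 response computation follows MS-NLMP, but the channel-binding token is simplified to a hash over the peer's TLS certificate (the real token hashes the full gss_channel_bindings_struct), and every key, certificate, challenge, name and timestamp below is constructed for the example.

```python
"""Toy model of NTLMv2 relay against Exchange with and without EPA.

Constructed example: the NT hash, certificates, challenges and names are
made up. NTLMv2 maths follows MS-NLMP 3.3.2; the channel-binding token
(MsvAvChannelBindings) is simplified.
"""
import hashlib
import hmac
import struct

MSV_AV_EOL = 0x0000
MSV_AV_NB_DOMAIN_NAME = 0x0002
MSV_AV_CHANNEL_BINDINGS = 0x000A

# Constructed: stands in for the MD4 NT hash of the victim's password. The
# client derives it from the password; the server obtains it via the DC.
NT_HASH = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")
DOMAIN, USER = "CORP", "alice"

# Constructed TLS certificates: any two distinct byte strings serve the model.
EXCHANGE_CERT = b"-----CERT exchange.corp.example-----"
ATTACKER_CERT = b"-----CERT attacker-controlled host-----"
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")   # constructed
CLIENT_CHALLENGE = bytes.fromhex("fedcba9876543210")   # constructed
TIMESTAMP = 133526592000000000                         # constructed FILETIME


def ntlmv2_hash(nt_hash, user, domain):
    """NTOWFv2: HMAC-MD5(NT hash, UPPER(user) + domain) over UTF-16LE text."""
    data = (user.upper() + domain).encode("utf-16le")
    return hmac.new(nt_hash, data, hashlib.md5).digest()


def channel_binding_token(cert_der):
    """Simplified tls-server-end-point binding: MD5 over the binding label and
    the SHA-256 of the peer's TLS certificate (the real CBT hashes the whole
    gss_channel_bindings_struct; only the certificate dependency matters here)."""
    cert_hash = hashlib.sha256(cert_der).digest()
    return hashlib.md5(b"tls-server-end-point:" + cert_hash).digest()


def av_pairs(domain, cbt):
    """Serialise the AV_PAIR list carried inside the NTLMv2 'temp' blob."""
    dom = domain.encode("utf-16le")
    out = struct.pack("<HH", MSV_AV_NB_DOMAIN_NAME, len(dom)) + dom
    out += struct.pack("<HH", MSV_AV_CHANNEL_BINDINGS, len(cbt)) + cbt
    out += struct.pack("<HH", MSV_AV_EOL, 0)
    return out


def parse_av_pairs(blob):
    """Parse AV_PAIRs (AvId, AvLen little-endian, value) up to MsvAvEOL."""
    pairs, off = {}, 0
    while True:
        av_id, av_len = struct.unpack_from("<HH", blob, off)
        off += 4
        if av_id == MSV_AV_EOL:
            return pairs
        pairs[av_id] = blob[off:off + av_len]
        off += av_len


def client_authenticate(server_challenge, peer_cert_der, client_challenge, timestamp):
    """NTLM client side: build the NTLMv2 'temp' blob and NTProofStr.
    The channel binding is derived from the TLS certificate of whatever peer
    the client is actually connected to, which under relay is the attacker."""
    cbt = channel_binding_token(peer_cert_der)
    temp = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + av_pairs(DOMAIN, cbt) + b"\x00" * 4)
    key = ntlmv2_hash(NT_HASH, USER, DOMAIN)
    nt_proof = hmac.new(key, server_challenge + temp, hashlib.md5).digest()
    return nt_proof, temp


def server_verify(server_challenge, own_cert_der, nt_proof, temp, epa_required):
    """Exchange side: always checks NTProofStr against its own challenge; with
    EPA it also requires the client's channel binding to name its own TLS cert."""
    key = ntlmv2_hash(NT_HASH, USER, DOMAIN)
    expected = hmac.new(key, server_challenge + temp, hashlib.md5).digest()
    if not hmac.compare_digest(expected, nt_proof):
        return False
    if epa_required:
        # AV_PAIRs begin after the 28-byte fixed header of the temp blob.
        cbt = parse_av_pairs(temp[28:]).get(MSV_AV_CHANNEL_BINDINGS)
        return cbt is not None and hmac.compare_digest(cbt, channel_binding_token(own_cert_der))
    return True


def simulate(relayed, epa_required):
    """relayed=True: the attacker forwards the Exchange challenge to the victim
    and forwards the victim's response back; the victim's TLS peer is the attacker.
    Returns True if Exchange accepts the authentication."""
    peer_cert = ATTACKER_CERT if relayed else EXCHANGE_CERT
    nt_proof, temp = client_authenticate(SERVER_CHALLENGE, peer_cert, CLIENT_CHALLENGE, TIMESTAMP)
    return server_verify(SERVER_CHALLENGE, EXCHANGE_CERT, nt_proof, temp, epa_required)


if __name__ == "__main__":
    for relayed in (False, True):
        for epa in (False, True):
            print(f"relayed={relayed!s:5} EPA={epa!s:5} -> accepted={simulate(relayed, epa)}")
```

Running the block shows the four cases: a direct client login is accepted with or without EPA; a relayed login is accepted without EPA, because NTProofStr is a valid answer to the challenge the real Exchange server issued; and a relayed login is rejected once EPA is required, because the client bound its response to the attacker's TLS certificate rather than to the Exchange server's. This is exactly why the fix for CVE-2024-21410 is to enable Extended Protection on the Exchange virtual directories rather than to change NTLM itself.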

Affected version / Solution 

For Microsoft Exchange Server 2019 Cumulative Update 14, upgrade to 
build number 15.2.1544.004. 

For Microsoft Exchange Server 2019 Cumulative Update 13, upgrade to 
build number 15.2.1544.004. 

For Microsoft Exchange Server 2016 Cumulative Update 23, please refer 
to: https://aka.ms/OfficeSecurityReleases 

+-------------------------------------------------------------------- 

CVE-2024-21410 

Released: Feb 13, 2024 
Last updated: Feb 15, 2024 

Impact: Elevation of Privilege 

Max Severity: Critical 

CVSS (v3.1) score: 
- 9.8 (base metrics) 
- 9.1 (temporal metrics) 

URL: 
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21410 
https://www.cve.org/CVERecord?id=CVE-2024-21410 

========================================================= 
+ CERT-RENATER | tel : 01-53-94-20-44 + 
+ 23/25 Rue Daviel | fax : 01-53-94-20-41 + 
+ 75013 Paris | email:cert@support.renater.fr + 
========================================================= 
