More Than 28,000 Exchange Servers at Risk Due to New Vulnerability

2 Mins Read

PUREVPNNewsMore Than 28,000 Exchange Servers at Risk Due to New Vulnerability

A significant security vulnerability, known as CVE-2024-21410, is currently threatening the integrity of nearly 97,000 Microsoft Exchange servers worldwide. This flaw, of critical severity, opens the door for attackers to escalate their privileges without authentication, posing a severe risk to business communications and data.

Current Vulnerability Status

Microsoft patched the vulnerability on February 13, after it had already been exploited as a zero-day. Currently, approximately 28,500 servers remain at risk, which attackers can leverage to their advantage. 


Countries Most Affected by Server Vulnerabilities (Data Source: Shadowserver)

The vulnerability has a broad reach, affecting thousands of servers across multiple countries. Germany, the United States, and the United Kingdom top the list of the most affected regions, highlighting the widespread nature of this security issue.

Mitigation and Updates

To counteract the risk of CVE-2024-21410, administrators are urged to implement the latest updates provided by Microsoft, specifically the Exchange Server 2019 Cumulative Update 14 (CU14), which introduces protections against NTLM credential relay attacks. 

Government Response

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has taken the step of including CVE-2024-21410 in its catalog of Known Exploited Vulnerabilities. Federal agencies have been given a deadline until March 7, 2024, to secure their systems either by applying the necessary updates or discontinuing the use of vulnerable products.

The Stakes for Organizations

The exploitation of this vulnerability carries grave implications. Unauthorized access to an Exchange Server not only jeopardizes sensitive information, such as internal communications, but also provides a foothold for further network intrusions. Ensuring the security of these servers is crucial for maintaining the confidentiality and integrity of organizational data.

Final Word

The discovery of CVE-2024-21410 serves as a critical reminder of the importance of timely updates and vigilant security practices. With the potential for widespread disruption and data compromise, organizations worldwide must act swiftly to secure their systems against this pressing threat.

author

Anas Hasan

date

February 20, 2024

time

3 months ago

Anas Hassan is a tech geek and cybersecurity enthusiast. He has a vast experience in the field of digital transformation industry. When Anas isn’t blogging, he watches the football games.

Related Stories

Microsoft Provides Temporary Solution for Outlook Encrypted Email Reply Issue

Microsoft Provides Temporary Solution for Outlook Encrypted Email Reply Issue
Posted on May 17, 2024
MediSecure Ransomware Attack: Authorities Investigating the Data Breach

MediSecure Ransomware Attack: Authorities Investigating the Data Breach
Posted on May 17, 2024
Apple and Google Introduce Alerts for Hidden Bluetooth Trackers on iOS and Android

Apple and Google Introduce Alerts for Hidden Bluetooth Trackers on iOS and Android
Posted on May 16, 2024

Have Your Say!!

Join 3 million+ users to embrace internet freedom

Signup for PureVPN to get complete online security and privacy with a hidden IP address and encrypted internet traffic.

Get PureVPN