Date: 2024-02-16

Microsoft Teams and Outlook were hit by outages - Copyright AFP/File Fabrice COFFRINI

Microsoft has acknowledged that the newly patched critical Exchange Server vulnerability (CVE-2024-21410) has been exploited in the wild.

According to Microsoft, an attacker could exploit the bug to relay a user’s Net-NTLMv2 hash against a vulnerable server and authenticate as that user.

“An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim’s behalf.”

Microsoft Exchange Servers, and mail servers in general, are central communication nodes in every organization, and as such they are attractive targets for cybercriminals. The types of damage that can result include:

Service Disruptions: Essential public services, energy networks, and transportation systems could face significant interruptions.

Security Risks: Including threats to national security and public safety, especially in critical infrastructure sectors.

Economic Impact: Disruptions could have a ripple effect, affecting supply chains and the economy.

Data Privacy Concerns: There’s a risk of personal data breaches.

Considering the implications of this for Digital Journal is Roei Sherman, Field CTO at Mitiga.

Sherman is concerned that if a major player in the technology sector like Microsoft can be exposed as vulnerable, this offers little assurance to other business areas.

Sherman states: “Microsoft’s recent announcement of a critical Exchange Server vulnerability, patched before exploitation, raises significant concerns in the cybersecurity landscape. This revelation, particularly insulated from cloud environments like Exchange Online, underscores the evolving nature of cyber threats.”

This is not the first time Microsoft has fallen foul of malicious actors. For instance, on 2nd March 2021 Microsoft made public that sophisticated actors had attacked a number of Exchange servers.

One of the complexities is the labyrinthine nature of cyberattackers and the networks they use. This is brought out by Sherman: “Its occurrence shortly after a significant breach of Microsoft’s executive mailboxes and amidst reports of targeted email compromise campaigns, highlights the intricate web of security challenges organizations face.”

As to what both Microsoft and the technology community at large should do, Sherman says: “This scenario invites a reflection on the robustness of on-premises solutions and the imperative for adaptive security strategies in an era where digital threats can emerge from multiple vectors.”