Microsoft has warned, in a security update for Exchange Server, of a vulnerability that could be exploited by threat actors as a zero-day. The security flaw could be used to force a network device, including servers and domain controllers, to authenticate against an NTLM relay server, as well as to impersonate the targeted devices and elevate privileges.
“An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability,” Microsoft shared in its vulnerability notes.
“An attacker who successfully exploited this vulnerability could relay a user’s leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user,” the company said.
The vulnerability was discovered internally by Microsoft and has been addressed in the company’s cumulative update.
In its security update, the company also advised admins to evaluate their environments and review the issues mentioned in the documentation of the Microsoft-provided ExchangeExtendedProtectionManagement PowerShell script.
Published - February 15, 2024 05:07 pm IST