Microsoft update patch fixes critical bug in Exchange Server

Microsoft fixed a critical vulnerability in its Exchange Server that could be exploited to impersonate targeted devices and escalate privileges

Published - February 15, 2024 05:07 pm IST


Microsoft issued a warning about a critical vulnerability in its Exchange Server security update. | Photo Credit: AP

Microsoft issued a warning in its Exchange Server security update about a vulnerability that could be exploited by threat actors as a zero-day. The security flaw could be used to force a network device, including servers and domain controllers, to authenticate against an NTLM relay server, and to impersonate the targeted devices and elevate privileges.

“An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability,” Microsoft shared in its vulnerability notes.

“An attacker who successfully exploited this vulnerability could relay a user’s leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user,” the company said.

The vulnerability was discovered internally by Microsoft and has been addressed in the company’s cumulative update.


In its security update, the company also advised admins to evaluate their environments and review the issues mentioned in the documentation of the Microsoft-provided ExchangeExtendedProtectionManagement PowerShell script.
