
Alerts

Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

Advisory No: TZCERT/SA/2024/02/15

Date of First Release: 15th February 2025

Source: Microsoft

Software Affected: Microsoft Exchange Server

Overview:

Microsoft has disclosed a critical security flaw in Exchange Server that is being exploited by malicious actors. Successful exploitation of this flaw may allow an attacker to gain privileges as the victim client.

Description:

The vulnerability (CVE-2024-21410, CVSS score: 9.8) allows NTLM credentials to leak when an attacker targets an NTLM client such as Outlook. Successful exploitation of the flaw could permit an attacker to relay a user’s leaked Net-NTLMv2 hash against a susceptible Exchange Server and authenticate as the user.

Impact:

Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.

Solution:

Microsoft has released security updates to resolve this vulnerability. Users and administrators are encouraged to update as soon as possible.

References:

  1. https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21410

TZCERT-SU-24-0161 (Juniper Security Update)

Juniper has released security updates to address a vulnerability in Junos OS on SRX Series and EX Series. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Juniper Security Bulletin and apply the necessary updates.

TZCERT-SU-24-0160 (SolarWinds Security Update)

SolarWinds has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the SolarWinds Security Advisory for CVE-2023-50395 and CVE-2023-35188 and apply the necessary updates.

TZCERT-SU-24-0158 (Veritas Security Update)

Veritas has released security updates to address a vulnerability in Veritas eDiscovery Platform versions 10.2.4 and prior. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Veritas Security Advisory and apply the necessary updates.