The Pakistan Telecommunication Authority (PTA) issued a critical cybersecurity advisory concerning a flaw (CVE-2024-21410) that is being actively exploited in Microsoft Exchange Servers. This vulnerability, classified as critical, allows attackers to escalate privileges and launch NTLM relay attacks.
According to PTA, attackers are leveraging this flaw, which targets NTLM clients like Outlook to steal credentials, to gain unauthorized access to Exchange servers. Once a server is compromised, attackers can perform actions on it while impersonating the victim.
The advisory urges system administrators to install the latest security updates from Microsoft, specifically those addressing CVE-2024-21410 for Exchange Server. It also recommends enabling Extended Protection for Authentication, a feature already enabled by default in Exchange Server 2019 Cumulative Update 14 (CU14).
PTA recommends further mitigation steps, including:
- Strengthening configurations for NTLM clients like Outlook.
- Training users to identify phishing attempts and suspicious emails.
- Deploying advanced threat protection solutions.
- Ensuring up-to-date incident response plans and staff training.
Organizations can significantly bolster their defenses by following PTA’s recommendations. These include fortifying NTLM client configurations (like Outlook), educating users on phishing and suspicious emails, deploying advanced threat protection, and maintaining up-to-date incident response plans with trained staff.