Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical-severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. Microsoft addressed the issue on February 13, when it had already been leveraged as a zero-day. Currently, 28,500 servers have been identified as being vulnerable. Exchange Server is widely used in business environments to facilitate communication and collaboration among users, providing email, calendar, contact management, and task management services.
Today, threat monitoring service Shadowserver announced that its scanners have identified approximately 97,000 potentially vulnerable servers. Of those 97,000, whether an estimated 68,500 servers are vulnerable depends on whether administrators applied mitigations, while 28,500 are confirmed to be vulnerable to CVE-2024-21410.
Exploitation of CVE-2024-21410 can have serious consequences for an organization because attackers with elevated permissions on an Exchange Server can access confidential data like email communication and use the server as a springboard for further attacks on the network.