- Description: Microsoft Exchange Server Elevation of Privilege Vulnerability
- Source: secure@microsoft.com
- NVD status: Analyzed
- Products: exchange_server
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Microsoft Exchange Server Privilege Escalation Vulnerability
- Exploit added on: Feb 15, 2024
- Exploit action due: Mar 7, 2024
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com: CWE-287
- nvd@nist.gov: NVD-CWE-noinfo
New Russian APT "Void Blizzard" breached Dutch police via unpatched Exchange servers, stealing sensitive data. The group shows ties to GRU and now uses AI voice cloning in attacks. Patch CVE-2024-21410. Details: https://t.co/PQmsNGxnxm
@RedTeamNewsBlog
27 May 2025
Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation https://t.co/PbD90C99sp
@DevaultcybrPlus
15 Apr 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "583745C7-B802-4CBE-BD88-B5B9AF9B5371"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C98993B-82A5-48CC-947F-896CEA0CDB7F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]