1 min read

Mitigation Instructions for Microsoft Exchange Server CVE-2024-21410

Mitigation Instructions for Microsoft Exchange Server CVE-2024-21410

SUBJECT: Critical Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

TECH STACK:  Microsoft Exchange Server 2016, 2019

DATE(S) ISSUED:  02/13/2024

NVD Last Modified:  02/26/2024



 This document outlines mitigation steps to address a critical vulnerability (CVE-2024-21410) in Microsoft Exchange Server versions 2016, 2019. This vulnerability allows attackers to potentially elevate privileges and gain unauthorized access to your system. CISA considers this vulnerability actively exploited, so prompt action is crucial.

  • Install Security Updates:
  • Exchange Server 2016: Install Cumulative Update 24 (CU24) or later.
  • Exchange Server 2019: Install Cumulative Update 14 (CU14) or later.
  • Refer to Microsoft Security Response Center (MSRC) update guidance for detailed instructions
  • Implement Extended Protection (Optional):
  • Enable Extended Protection within your organization for an additional layer of security.

Discontinue Use (Last Resort):

  • If installing updates or implementing Extended Protection is not possible, consider discontinuing the use of the affected Exchange Server version as a last resort.

Confirmation & Additional Information:

  1. Regularly monitor your systems for signs of compromise.
  2. Consider deploying additional security measures like network segmentation and intrusion detection/prevention systems.

Remember: Applying these mitigations is crucial to protect your systems from exploitation. Prompt action is highly recommended.