The Pakistan Telecommunication Authority (PTA) has issued a Cyber Security Advisory on the active exploitation of a critical Microsoft Exchange Server flaw, tracked as CVE-2024-21410. The vulnerability, classified as critical, is a privilege escalation issue in Exchange Server that is exploited through an NTLM relay attack.

According to the PTA, Microsoft has confirmed that the flaw is being actively exploited. Attackers target NTLM clients such as Outlook to leak credentials, which can then be used against the Exchange server. A successful attack gives unauthorized access to the Exchange server and lets the attacker perform operations on behalf of the victim.

The advisory asks administrators to install the latest security updates from Microsoft, particularly those addressing CVE-2024-21410 for Exchange Server. Administrators are also advised to ensure that Extended Protection for Authentication is enabled, a measure that Microsoft has already turned on by default in Exchange Server 2019 Cumulative Update 14 (CU14).

To mitigate the threat, the PTA recommends reinforcing configurations for NTLM clients like Outlook, training users to recognize phishing attempts and suspicious emails that could lead to NTLM relay attacks, and deploying advanced threat protection solutions capable of detecting and blocking sophisticated attacks. Additionally, administrators should ensure their incident response plans are current and that staff are well-versed in handling security incidents.