{"id":6191,"date":"2024-02-23T19:02:07","date_gmt":"2024-02-23T18:02:07","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=6191"},"modified":"2024-02-23T19:02:07","modified_gmt":"2024-02-23T18:02:07","slug":"microsoft-exchange-cve-2024-21410-ranjivost","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2024\/02\/23\/microsoft-exchange-cve-2024-21410-ranjivost\/","title":{"rendered":"Microsoft Exchange CVE-2024-21410 vulnerability"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">The <em>Microsoft<\/em> <em>Exchange<\/em> <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-21410\" target=\"_blank\" rel=\"noopener\"><em>CVE-2024-21410<\/em><\/a> vulnerability is being actively exploited, <em>Microsoft<\/em> has warned. The vulnerability, tracked as <em>CVE-2024-21410<\/em> (<em>CVSS<\/em> score <em>9.8<\/em>), is described as a privilege escalation issue that allows <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">attackers<\/a> to carry out pass-the-hash attacks.<\/span><\/p>\n<div id=\"attachment_6193\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-6193\" class=\"size-full wp-image-6193\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Microsoft-Exchange-ranjivost.jpg\" alt=\"Microsoft Exchange\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Microsoft-Exchange-ranjivost.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Microsoft-Exchange-ranjivost-300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Microsoft-Exchange-ranjivost-150x150.jpg 150w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Microsoft-Exchange-ranjivost-768x768.jpg 768w, 
https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Microsoft-Exchange-ranjivost-12x12.jpg 12w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Microsoft-Exchange-ranjivost-80x80.jpg 80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/02\/Microsoft-Exchange-ranjivost-320x320.jpg 320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-6193\" class=\"wp-caption-text\">Microsoft Exchange CVE-2024-21410 vulnerability; Source: Bing Image Creator<\/p><\/div>\n\n<h2><span class=\"ez-toc-section\" id=\"MICROSOFT_EXCHANGE_RANJIVOST\"><\/span><span style=\"font-size: 14pt;\"><strong><em>MICROSOFT<\/em> <em>EXCHANGE<\/em> VULNERABILITY<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">According to <em>Microsoft<\/em>, an attacker could exploit the flaw to relay a user's <em>Net-NTLMv2<\/em> hash against a vulnerable server and authenticate as that user.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">In a <em>Windows<\/em> network, <em>NTLM<\/em> \u2013 <em>New Technology LAN Manager<\/em> is a suite of <em>Microsoft<\/em> security protocols intended to provide users with authentication, integrity and confidentiality. 
An attacker's ability to impersonate a legitimate user can prove catastrophic.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Because <em>Microsoft Exchange<\/em> servers, like all email servers, are central communication hubs in every organization, they are very attractive to malicious actors. Gaining the ability to carry out a \u201c<em>pass-the-hash<\/em>\u201d attack, in which an attacker steals a \u201c<em>hashed<\/em>\u201d user credential and uses it to create a new user session on the same network, is therefore a direct path into the heart of an organization's network.<\/span><\/p>\n<p>&nbsp;<\/p>\n<blockquote><p><span style=\"font-size: 14pt;\"><em>\u201cAn attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf.\u201d<\/em><\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\"><em>\u00a0<\/em><\/span><span style=\"font-size: 14pt;\"><em>&#8211; <\/em><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2024-21410\" target=\"_blank\" rel=\"noopener\"><em>Microsoft<\/em><\/a><em> &#8211;<\/em><\/span><\/p>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">The root cause of the vulnerability is that <em>NTLM<\/em> <em>Relay Protections<\/em>, or <em>Extended Protection for Authentication<\/em> (<em>EPA<\/em>), is not enabled by default in <em>Exchange Server 2019<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>\u00a0<\/strong><\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"AZURIRANJE\"><\/span><span style=\"font-size: 14pt;\"><strong>UPDATE<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">As part of the update, <em>Microsoft<\/em> enabled Extended Protection for Authentication by default with the <em>Exchange Server 2019<\/em> update (<em>CU14<\/em>). Without the protection enabled, an attacker can target the <em>Exchange<\/em> server to relay leaked <em>NTLM<\/em> credentials from other targets. Users who run <em>Exchange Server 2019 CU13<\/em> or an earlier version and have previously run the script that enables <em>Relay Protections<\/em> for <em>NTLM<\/em> credentials are protected from this threat.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">However, users who have not run the script should apply the latest available update.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><span style=\"font-size: 14pt;\"><strong>CONCLUSION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The discovery of the <em>CVE-2024-21410<\/em> vulnerability serves as a good reminder of the importance of timely updates and the application of sound security practices. 
With the potential for widespread disruption and compromise of <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/16\/podaci-uvod-epizoda-1\/\" target=\"_blank\" rel=\"nofollow noopener\">data<\/a>, organizations around the world must act quickly to secure their systems against this significant threat.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Although details about the nature of the exploitation and the identity of the threat actors who may be abusing the flaw are currently unknown, such vulnerabilities have in the past been exploited by state-linked malicious actors. One of them is <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/22\/apt28-grupa-cilja-ranjive-cisco-rutere\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>APT28<\/em><\/a> (also known as <em>Fancy Bear, Strontium, Pawn Storm, Sednit Gang or Sofacy<\/em>), which has a history of exploiting flaws in <em>Microsoft<\/em> <em>Outlook<\/em> software to stage <em>NTLM<\/em> relay attacks.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZASTITA\"><\/span><span style=\"font-size: 14pt;\"><strong>PROTECTION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">To reduce the impact of this vulnerability, the following actions are recommended:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\">Apply the <em>Exchange Server 2019 Cumulative Update 14 (CU14)<\/em> update, which includes protection of <em>NTLM<\/em> credentials.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Use the <em>ExchangeExtendedProtectionManagement PowerShell<\/em> script for <em>Exchange Server<\/em> versions older than 2019. 
The script can be found on the <em>Microsoft<\/em> site or <a href=\"https:\/\/microsoft.github.io\/CSS-Exchange\/Security\/ExchangeExtendedProtectionManagement\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Review the <em>Microsoft<\/em> documentation on Extended Protection for Authentication (<em>EPA<\/em>) to identify and resolve potential issues. A thorough assessment of the environment is needed before implementing <em>EPA.<\/em><\/span><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>The Microsoft Exchange CVE-2024-21410 vulnerability is being actively exploited, Microsoft has warned. The vulnerability, tracked as CVE-2024-21410 (CVSS score 9.8), is described as a privilege escalation issue that allows attackers to carry out pass-the-hash attacks. MICROSOFT EXCHANGE&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":6193,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[807,808,802,805,801,806,130,255,803,319,804],"class_list":["post-6191","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-cu13","tag-cu14","tag-cve-2024-21410","tag-epa","tag-exchange","tag-exchange-server-2019","tag-microsoft","tag-microsoft-exchange","tag-ntlm","tag-outlook","tag-relay-protections"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/6191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=6191"}],"versio
n-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/6191\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/6193"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=6191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=6191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=6191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}