

Rewterz Threat Advisory – Multiple Dell EMC Unity Appliances Vulnerabilities
February 14, 2024
Rewterz Threat Alert – Remcos RAT – Active IOCs
February 14, 2024
Severity
Medium
Analysis Summary
CVE-2024-21394 CVSS:7.6
Microsoft Dynamics 365 (on-premises) could allow a remote authenticated attacker to conduct spoofing attacks via the Field Service.
CVE-2024-21315 CVSS:7.8
Microsoft Defender for Endpoint for Windows could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-20679 CVSS:6.5
Microsoft Azure Stack Hub could allow a remote attacker to conduct spoofing attacks.
CVE-2024-21401 CVSS:9.4
Microsoft Entra Jira Single-Sign-On Plugin could allow a remote attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to update Entra ID SAML metadata and information for the plugin.
CVE-2024-21378 CVSS:8
Microsoft Outlook could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper neutralization of user input by the Preview Pane. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21410 CVSS:9.8
Microsoft Exchange Server could allow a remote attacker to gain elevated privileges on the system, caused by the leakage of user credentials by the NTLM client. By sending a specially crafted request, an attacker could exploit this vulnerability to relay a user’s leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user, allowing the attacker to obtain the privileges of the victim client and carry out operations on the Exchange server on the victim’s behalf.
Impact
- Gain Access
- Code Execution
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2024-21394
- CVE-2024-21315
- CVE-2024-20679
- CVE-2024-21401
- CVE-2024-21378
- CVE-2024-21410
Affected Vendors
Microsoft
Affected Products
- Microsoft 365 Apps for Enterprise x32
- Microsoft 365 Apps for Enterprise x64
- Microsoft Office LTSC 2021 x32
- Microsoft Office 2019 x32
- Microsoft Office 2019 x64
- Microsoft Exchange Server 2016 CU23
- Microsoft Dynamics 365 (on-premises) 9.1
- Microsoft Outlook 2016 x32
- Microsoft Outlook 2016 x64
- Microsoft Exchange Server 2019 CU13
- Microsoft Defender for Endpoint for Windows on Windows 10 1809 for x64-based Systems
- Microsoft Defender for Endpoint for Windows on Windows 10 1809 for ARM64-based Systems
- Microsoft Defender for Endpoint for Windows on Windows 10 1809 for 32-bit Systems
- Microsoft Azure Stack Hub
- Microsoft Entra Jira Single-Sign-On Plugin
- Microsoft Exchange Server 2019 CU14
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or use the Microsoft Security Update Guide to search for available patches.