"Microsoft Exchange Server Vulnerability (CVE-2024-21410) Exploited and Patched"
Microsoft has confirmed active exploitation of a critical security flaw (CVE-2024-21410) in Exchange Server, enabling privilege escalation and NTLM relay attacks. The company has released fixes as part of its Patch Tuesday updates, also addressing two other Windows flaws (CVE-2024-21351 and CVE-2024-21412) actively weaponized in real-world attacks. Additionally, a critical vulnerability (CVE-2024-21413) affecting Outlook email software has been patched, allowing for remote code execution by bypassing security measures. Threat actors, including Russian state-affiliated hacking groups, have a history of exploiting such flaws, with details about the current exploitation and threat actors unknown.