CVE-2024-21410 Exchange Vulnerability - does Firebox protect from this?
Hello!
We are using Firebox-Cluster with Total Security.
Can the vulnerability be detected and prevented by the Firebox?
We are also using Panda Adaptive Defense 360 - does the virus protection also help here?
Bernd
Comments
CVE-2024-21410 is not currently listed in the IPS detected signatures.
This Microsoft article indicates how to protect your Exchange server from this vulnerability.
(missing link now added)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410
Hello Bruce,
thanks for your reply. I would assume from your answer that there will still be an IPS signature, right?
Bernd
No idea. And I have no idea if a reasonable IPS signature for a pass the hash issue is possible.
If you look at the NIST CVE site:
https://nvd.nist.gov/vuln/detail/CVE-2024-21410
it says:
"This vulnerability is currently awaiting analysis."
and
"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable."
No help there.
And, I have no info on Panda Adaptive Defense 360 capabilities related to this.
Thanks anyway. But I'm still sure that your colleagues will "work their magic" here too. Unfortunately, trusting Microsoft alone is not enough these days.
Bernd
FYI - I don't work for WG.
OK, understood.
You have made almost 4000 posts - that looks a lot like a WatchGuard employee.
Hi @BerndW
It doesn't look like Microsoft has released the full details of the exploit yet. There aren't any signatures for this exploit as of this moment.
Based off the documents that Microsoft has released - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410 - it appears that if your Exchange server had/has been exploited, the attacker would already have the password hash for those users and authorization attempts would (likely) look the same as normal ones.
The best defense for this exploit is to follow the vendor's instructions and patch.
-James Carson
WatchGuard Customer Support