CVE-2024-21410 Exchange Vulnerability - does Firebox protect from this?


We are using Firebox-Cluster with Total Security.
Can the vulnerability be detected and prevented by the Firebox?
We also using Panda Adaptive Defense 360 - does the virus protection also helps here?



  • Options
    edited February 16

    CVE-2024-21410 is not currently listed in the IPS detected signatures.

    This Microsoft article indicates how to protect your Exchange server from this vulnerability.
    (missing link now added)

  • Options

    Hello Bruce,

    thanks for your reply. I would assume from your answer that there will still be an IPS signature, right?


  • Options
    edited February 16

    No idea. And I have no idea if a reasonable IPS signature for a pass the hash issue is possible.

    If you look at the NIST CVE site:
    is says:
    "This vulnerability is currently awaiting analysis."
    "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable."

    No help there.

    And, I have no info on Panda Adaptive Defense 360 capabilities related to this.

  • Options

    Thanks anyway. But I'm still sure that your colleagues will "work their magic" here too. Unfortunately, trusting Microsoft alone is not enough these days.


  • Options

    FYI - I don't work for WG.

  • Options

    OK, understood.
    you have made almost 4000 posts - that looks a lot like an watchguard employee B)

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @BerndW
    It doesn't look like Microsoft has released the full details of the exploit yet. There aren't any signatures for this exploit as of this moment.

    Based off the documents that Microsoft has released - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410 - it appears that if your Exchange server had/has been exploited, the attacker would already have the password hash for those users and authorization attempts would (likely) look the same as normal ones.

    The best defense for this exploit is to follow the vendor's instructions and patch.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.