The tech giant said hackers were exploiting a bug in the system, known as CVE-2024-21410 before it was fixed in the latest batch of updates.

The hackers could use the flaw to take over the Exchange Server from anywhere without needing a password. They could then use this access to trick other devices on the network into logging in with their server, allowing them to impersonate those devices and get more power.

Vole said the hackers could use this trick to steal passwords from an NTLM client like Outlook. These stolen passwords could then be used to get even more control over the Exchange server.

Vole released an update to fix the issue as part of its February 2024 Patch Tuesday. This update, called Cumulative Update 14 (CU14) for Exchange Server 2019, adds protection against NTLM relay attacks. These protections, called Extended Protection for Authentication (EPA), are meant to stop hackers from hijacking and spying on the network.
EPA support for Exchange Server

Vole introduced EPA support for Exchange Server in August 2022 and said it would be turned on by default on all servers after installing CU14. Now, with the latest update, Vole has kept its promise.

For those using older versions of Exchange Server, like Exchange Server 2016, admins can turn on EPA using the ExchangeExtendedProtectionManagement PowerShell script. However, they should check Vole's documentation and consider potential problems before turning on EPA to ensure the system runs smoothly.