None

**Critical Zero-Day Exploit in Progress: Microsoft Confirms Active Attacks on Exchange Servers** Microsoft has disclosed an actively exploited zero-day vulnerability in on-premises Exchange Server 2013, 2016, and 2019, tracked as **CVE-2024-21410** (CVSS score: 9.8). The flaw, a **privilege escalation vulnerability in the Exchange Server’s Outlook Web Access (OWA) component**, allows attackers to escalate privileges to **Domain Administrator** level after gaining initial access—typically through stolen credentials or phishing. The attacks were first detected in **early January 2024** by security researchers at **Trend Micro’s Zero Day Initiative (ZDI)**, who observed threat actors leveraging the exploit in targeted campaigns. Microsoft confirmed the vulnerability on **February 13, 2024**, warning that **unpatched systems are at high risk of compromise**. While no specific threat group has been attributed, the sophistication of the attacks suggests involvement by **state-sponsored or advanced persistent threat (APT) actors**. The exploit chain begins with **authenticated access** to an Exchange server, followed by manipulation of the **OWA backend** to execute arbitrary code with elevated privileges. Successful exploitation grants attackers **full control over the Active Directory domain**, enabling data theft, lateral movement, and deployment of ransomware or espionage tools. Microsoft has noted that **cloud-based Exchange Online customers are not affected**, as the vulnerability resides in the on-premises architecture. A **security update (KB5035606)** was released on **February 13, 2024**, as part of Microsoft’s Patch Tuesday cycle, addressing the flaw. Organizations running affected versions are urged to apply the fix immediately, as proof-of-concept (PoC) exploit code has already surfaced in underground forums. Additionally, Microsoft recommends **enabling Extended Protection for Authentication (EPA)** and **disabling OWA if not in use** as temporary mitigations. The incident underscores the **growing targeting of Exchange servers**, which remain a prime vector for cyberattacks due to their integration with enterprise authentication systems. Previous high-profile Exchange vulnerabilities, such as **ProxyLogon (2021)** and **ProxyShell (2021)**, led to widespread breaches, and this latest flaw follows a similar pattern of **rapid weaponization by threat actors**. Security teams are advised to monitor for unusual **OWA logins, privilege escalation attempts, and domain controller activity** as indicators of compromise.