Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday.

Discovered internally and tracked as CVE-2024-21410, this security flaw can let remote unauthenticated threat actors escalate privileges in NTLM relay attacks targeting vulnerable Microsoft Exchange Server versions.