New Windows PetitPotam NTLM Relay attack vector fixed in May updates
A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack. [...]
Stay informed on infosec trends, threats, and strategies with the latest updates and expert insights in Information Security.
Search across headline titles and summaries.
Background for this topic.
Fixed is a status indicating that a security issue has been addressed through a corrective change, such as a software patch, code change, configuration update, or removal of an affected component. In vulnerability tracking, it usually describes the issue under specified conditions and versions; it does not automatically prove that every affected asset has been updated or that exploitation is impossible.
For vulnerability management, practitioners should verify the fix’s scope, deployment, and effectiveness through testing, rescanning, or other evidence. Incomplete rollout, an overlooked instance, a dependent vulnerable component, or a regression can leave exposure despite a “Fixed” label. Records should distinguish fixed from mitigated or accepted, identify affected assets and versions, and retain validation dates. If the issue was exploited before remediation, fixing it does not establish that an attacker’s access or changes have been removed; that requires separate investigation.
A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack. [...]
Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago. [...]
Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago. [...]
The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious versions with the same file names and version numbers. [...]