Multiple Groups Exploit NTLM Flaw in Microsoft Windows
The attacks have been going on since shortly after Microsoft patched the vulnerability in March.
NTLM is a legacy authentication protocol whose weaknesses can enable credential theft, relay attacks, and unauthorized access to network resources.
Search across headline titles and summaries.
Background for this topic.
NTLM (NT LAN Manager) is a Microsoft challenge-response authentication protocol still supported by Windows. It lets a client authenticate without sending the password in plaintext, and may be used when Kerberos is unavailable or when legacy applications, workgroups, or older systems require it. NTLMv1 is obsolete and weak; NTLMv2 improves the challenge-response exchange but retains important design limitations.
NTLM matters because attackers who obtain an NT password hash may use pass-the-hash to authenticate without knowing the password. NTLM authentication can also be relayed to another service when that service lacks protections such as message signing or channel binding, potentially granting access with the victim’s credentials. Defenders should inventory and reduce NTLM use, prefer Kerberos where supported, protect credential material, and enable signing or equivalent relay-resistant protections on relevant protocols. Authentication logs can help identify unexpected NTLM use and legacy dependencies before attempting to disable it.
Weekly headline count for the current query.
The attacks have been going on since shortly after Microsoft patched the vulnerability in March.
This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability.
The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.
Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.
The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.