Security News > 2019 > June > Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine
2019-06-11 16:57
The Preempt research team found two critical Microsoft vulnerabilities that consist of three logical flaws in NTLM, the company’s proprietary authentication protocol. These vulnerabilities allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS. The research shows that all Windows versions are vulnerable. The flaws allow attackers to bypass existing mitigations NTLM is susceptible to relay attacks, … More → The post Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Gwn5dXfPLhk/
Related news
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical vulnerabilities remain unresolved due to prioritization gaps (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)