Microsoft fixes new NTLM relay zero-day in all Windows versions
Microsoft has addressed an actively exploited Windows LSA spoofing zero-day that unauthenticated attackers can exploit remotely to force domain controllers to authenticate them via the Windows NT LAN Manager (NTLM) security protocol.
The vulnerability, tracked as CVE-2022-26925 and reported by Bertelsmann Printing Group's Raphael John, has been exploited in the wild and seems to be a new vector for the PetitPotam NTLM relay attack.
LockFile ransomware operators have abused the PetitPotam NTLM relay attack method to hijack Windows domains and deploy malicious payloads.
Microsoft advises Windows admins to review its PetitPotam mitigations and its mitigation measures against NTLM relay attacks on Active Directory Certificate Services (AD CS) for more information on protecting their systems from CVE-2022-26925 attacks.
Installing these updates also comes with downsides on systems running Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, as they will break backup software from some vendors.
CVE-2022-26925 impacts all Windows versions, including client and server platforms, starting from Windows 7 and Windows Server 2008 to Windows 11 and Windows 2022.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-10 | CVE-2022-26925 | Missing Authentication for Critical Function vulnerability in Microsoft products Windows LSA Spoofing Vulnerability | 5.9 |