Security News > 2024 > December > Microsoft enforces defenses preventing NTLM relay attacks

Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and obsolete counterpart. Until NTLM gets disabled by default, Microsoft is working on shoring up defenses against NTLM relay attacks. How do NTLM relay attacks work? NTLM is a suite of Microsoft protocols that authenticate users and computers based on a challenge/response mechanism between the client (which seeks to be authenticated) and server (which … More → The post Microsoft enforces defenses preventing NTLM relay attacks appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/12/11/ntlm-relay-attacks-defenses-windows-server-exchange/
Related news
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Microsoft Defender will isolate undiscovered endpoints to block attacks (source)
- 41% of Attacks Bypass Defenses: Adversarial Exposure Validation Fixes That (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download (source)