Security News

Microsoft warns of credential-stealing NTLM relay attacks against Windows domain controllers
2021-07-27 14:09

To ward off the attack known as PetitPotam, Microsoft advises disabling NTLM authentication on Windows domain controllers where possible and, where it must stay on, enforcing Extended Protection for Authentication on Active Directory Certificate Services. Microsoft is sounding an alert about a threat against Windows domain controllers that would allow attackers to relay the controller's NTLM authentication and obtain certificates in its name.
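The advisory's two settings (restrict incoming NTLM, require Extended Protection on the AD CS web enrollment site) are easy to misread as done when only one half is configured. The script below is an added example, not code from Microsoft's advisory or from the article: it reports the state of those settings on a domain controller or AD CS host and, with -Enforce, applies the AD CS side. It assumes the WebAdministration module is installed and that web enrollment lives at the default IIS path 'Default Web Site/CertSrv'; both are assumptions for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not Microsoft's or the article's code). Reports the NTLM relay
# mitigations from the PetitPotam advisory and, with -Enforce, applies the AD CS
# web-enrollment ones. Assumptions: WebAdministration module present; web enrollment
# at the default path 'Default Web Site/CertSrv'.
[CmdletBinding()]
param([switch]$Enforce)

$LsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$CertSrv = 'IIS:\Sites\Default Web Site\CertSrv'      # assumed AD CS web enrollment path
$WinAuth = 'system.webServer/security/authentication/windowsAuthentication'

function Get-NtlmPolicy {
    # "Network security: Restrict NTLM: Incoming NTLM traffic":
    #   0 = allow all, 1 = deny all domain accounts, 2 = deny all accounts (missing value = 0)
    # "Network security: Restrict NTLM: Audit Incoming NTLM Traffic":
    #   0 = off, 1 = domain accounts, 2 = all accounts
    $p = Get-ItemProperty -Path $LsaKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RestrictIncoming = [int]$p.RestrictReceivingNTLMTraffic
        AuditIncoming    = [int]$p.AuditReceivingNTLMTraffic
    }
}

function Get-CertSrvAuth {
    Import-Module WebAdministration -ErrorAction Stop
    $epa = Get-WebConfigurationProperty -PSPath $CertSrv -Filter $WinAuth -Name extendedProtection
    $ssl = Get-WebConfigurationProperty -PSPath $CertSrv -Filter 'system.webServer/security/access' -Name sslFlags
    [pscustomobject]@{
        TokenChecking = [string]$epa.tokenChecking    # None | Allow | Require
        SslFlags      = $(if ($ssl -is [string]) { $ssl } else { [string]$ssl.Value })
    }
}

$ntlm = Get-NtlmPolicy
$auth = Get-CertSrvAuth
$ntlm
$auth

# EPA only defeats a relayed HTTP authentication when IIS requires TLS *and* tokenChecking
# is Require; "Allow" still accepts clients that send no channel binding.
if ($auth.TokenChecking -ne 'Require') {
    Write-Warning "CertSrv: Extended Protection is '$($auth.TokenChecking)'; relay to web enrollment is still possible"
}
if ($auth.SslFlags -notmatch 'Ssl') {
    Write-Warning 'CertSrv: SSL is not required, so EPA has no TLS channel to bind the NTLM exchange to'
}
if ($ntlm.RestrictIncoming -lt 2) {
    Write-Warning "Incoming NTLM still accepted (RestrictReceivingNTLMTraffic=$($ntlm.RestrictIncoming)); audit with AuditReceivingNTLMTraffic=2 before denying"
}

if ($Enforce) {
    # AD CS side first; it breaks nothing that uses Kerberos or an EPA-capable client.
    Set-WebConfigurationProperty -PSPath $CertSrv -Filter 'system.webServer/security/access' -Name sslFlags -Value 'Ssl'
    Set-WebConfigurationProperty -PSPath $CertSrv -Filter "$WinAuth/extendedProtection" -Name tokenChecking -Value 'Require'
    # Turn on NTLM auditing; denying incoming NTLM on a DC is left to a deliberate GPO change
    # once the audit log (Operational log "NTLM") shows no legitimate NTLM clients remain.
    if ($ntlm.AuditIncoming -lt 2) {
        Set-ItemProperty -Path $LsaKey -Name AuditReceivingNTLMTraffic -Value 2 -Type DWord
    }
    Get-CertSrvAuth
}
```

Run it once without -Enforce to see the current state; the warnings are the three conditions under which a relayed domain-controller authentication can still reach web enrollment.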

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
2021-07-26 22:19

A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including domain controllers, into authenticating to an attacker-controlled host, allowing the adversary to stage an NTLM relay attack and completely take over a Windows domain. Specifically, the attack uses the MS-EFSRPC interface to make a domain controller authenticate to a server under the attacker's control, which then relays that NTLM authentication elsewhere.

Microsoft shares mitigations for new PetitPotam NTLM relay attack
2021-07-24 23:38

Microsoft has released mitigations for the new PetitPotam NTLM relay attack, which allows taking over a domain controller or other Windows servers. PetitPotam, discovered by French security researcher Gilles Lionel, is a new coercion method that can be used to conduct an NTLM relay attack.

NTLM Relay Attack Abuses Windows RPC Protocol Vulnerability
2021-04-27 00:16

A newly identified NTLM relay attack abuses a remote procedure call vulnerability to enable elevation of privilege, researchers from cybersecurity firm SentinelOne report. The researchers used a DCOM client that was instructed to connect to an RPC server, an operation that involves two NTLM authentications, one of them without the "Sign flag" set, and also leveraged the fact that the DCOM activation service can be abused to trigger RPC authentication.
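Whether a relayed authentication can be reused comes down to one bit in the NTLMSSP NegotiateFlags field. The block below is an added example, not code from SentinelOne or Microsoft: it decodes that field from any of the three NTLMSSP message types and reports whether signing was requested. The two messages it inspects are constructed here, not captured traffic.

```powershell
# Added example (not SentinelOne's or Microsoft's code): decode NegotiateFlags from an
# NTLMSSP message per MS-NLMP and report whether the "Sign flag" was requested.
$NtlmFlags = [ordered]@{
    NEGOTIATE_UNICODE                  = 0x00000001
    NEGOTIATE_OEM                      = 0x00000002
    REQUEST_TARGET                     = 0x00000004
    NEGOTIATE_SIGN                     = 0x00000010   # the "Sign flag": message integrity requested
    NEGOTIATE_SEAL                     = 0x00000020
    NEGOTIATE_NTLM                     = 0x00000200
    NEGOTIATE_ALWAYS_SIGN              = 0x00008000   # without SIGN this yields only a dummy signature
    NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000
    NEGOTIATE_TARGET_INFO              = 0x00800000
    NEGOTIATE_VERSION                  = 0x02000000
    NEGOTIATE_128                      = 0x20000000
    NEGOTIATE_KEY_EXCH                 = 0x40000000
    NEGOTIATE_56                       = 0x80000000
}

function Get-NtlmFlags([byte[]]$Message) {
    if ([Text.Encoding]::ASCII.GetString($Message, 0, 8) -ne "NTLMSSP`0") {
        throw 'not an NTLMSSP message'
    }
    $type = [BitConverter]::ToUInt32($Message, 8)
    # NegotiateFlags offset: 12 in NEGOTIATE (type 1), 20 in CHALLENGE (type 2), 60 in AUTHENTICATE (type 3)
    $offset = switch ($type) { 1 { 12 } 2 { 20 } 3 { 60 } default { throw "unknown NTLMSSP message type $type" } }
    $raw = [BitConverter]::ToUInt32($Message, $offset)
    $set = foreach ($name in $NtlmFlags.Keys) {
        if (($raw -band $NtlmFlags[$name]) -ne 0) { $name }
    }
    [pscustomobject]@{
        Type             = $type
        Raw              = ('0x{0:X8}' -f $raw)
        Flags            = @($set)
        # Relay-relevant: a session negotiated without SIGN carries no integrity protection,
        # so a man-in-the-middle can forward and reuse it. ALWAYS_SIGN alone does not help.
        SigningRequested = [bool](($raw -band $NtlmFlags.NEGOTIATE_SIGN) -ne 0)
    }
}

function New-NtlmNegotiate([uint32]$Flags) {
    # Constructed NEGOTIATE_MESSAGE (MS-NLMP 2.2.1.1) with empty DomainName/Workstation fields
    [byte[]]([Text.Encoding]::ASCII.GetBytes("NTLMSSP`0") +
             [BitConverter]::GetBytes([uint32]1) +
             [BitConverter]::GetBytes($Flags) +
             (New-Object byte[] 16))
}

# Sample values (constructed): a typical client NEGOTIATE that asks for signing,
# and the same set with NEGOTIATE_SIGN cleared, which is what makes a relay usable.
$signing   = New-NtlmNegotiate 0xE2088297
$noSigning = New-NtlmNegotiate 0xE2088287
Get-NtlmFlags $signing   | Format-List     # SigningRequested : True
Get-NtlmFlags $noSigning | Format-List     # SigningRequested : False
```

Feed it the bytes of a real NTLMSSP blob (for example the base64 payload of an HTTP `Authorization: NTLM` header after `[Convert]::FromBase64String`) to check what a given client or RPC binding actually negotiates.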

CrowdStrike Discloses Details of Recently Patched Windows NTLM Vulnerability
2021-01-25 15:11

One of the vulnerabilities that Microsoft addressed on the January 2021 Patch Tuesday could allow an attacker to relay NTLM authentication sessions and then execute code remotely over the Print Spooler MSRPC interface. Tracked as CVE-2021-1678, the vulnerability has been described by Microsoft as an NT LAN Manager security feature bypass and is rated Important for all affected Windows versions, namely Windows Server, Server 2012 R2, Server 2008, Server 2016, Server 2019, RT 8.1, 8.1, 7, and 10.

The patch that wasn't: Cisco emits fresh fixes for NTLM hash-spilling vuln and XSS-RCE combo in Jabber app
2020-12-10 17:30

A previous patch for Cisco's Jabber chat product did not in fact fix four vulnerabilities, including one remote code execution flaw that would allow an attacker to hijack targeted devices by sending a carefully crafted message. Watchcom added: "The patch released in September only patched the specific injection points that Watchcom had identified. The underlying issue was not addressed. We were therefore able to find new injection points that could be used to exploit the vulnerabilities."

Microsoft NTLM vulnerabilities could lead to full domain compromise
2019-10-10 12:58

Preempt researchers have discovered two vulnerabilities that may allow attackers to bypass a number of protections and mitigations against NTLM relay attacks and, in some cases, to achieve full...

Microsoft Patches Critical Vulnerabilities in NTLM
2019-06-12 16:04

Microsoft on Tuesday released security patches for nearly 90 vulnerabilities, including two Critical bugs impacting the proprietary authentication protocol NTLM.

How to protect your network against security flaws in Microsoft's NTLM protocol
2019-06-11 17:00

Vulnerabilities in NTLM recently discovered by security provider Preempt could allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that...

Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine
2019-06-11 16:57

The Preempt research team found two critical Microsoft vulnerabilities that consist of three logical flaws in NTLM, the company’s proprietary authentication protocol. These vulnerabilities allow...