Source: Dark Reading
Author: Jai Vijayan, Contributing Writer
URL: https://www.darkreading.com/application-security/microsoft-ntlm-zero-day-remain-unpatched-april

ONE SENTENCE SUMMARY: Microsoft issued guidance on NTLM relay attacks amidst newly discovered zero-day vulnerabilities affecting all Windows versions, pending fixes.

MAIN POINTS:

- Microsoft released guidance to mitigate NTLM relay attacks after researchers found a zero-day vulnerability.
- The NTLM bug affects all Windows versions from Windows 7 to Windows 11.
- Credential theft occurs when users view malicious files in Windows Explorer.
- Microsoft plans to issue a fix for the vulnerability in April.
- Attackers can exploit the bug based on various environmental factors.
- This vulnerability is not yet assigned a CVE or CVSS score.
- Microsoft’s NTLM-related bugs include a prior credential leak reported by ACROS Security.
- NTLM is a legacy protocol frequently targeted for identity compromise attacks.
- Microsoft advises enabling Extended Protection for Authentication to enhance security.
- Office documents and emails in Outlook are common entry points for NTLM exploitation.

TAKEAWAYS:

- Immediate protective measures against NTLM relay attacks are critical for organizations.
- Awareness of specific vulnerabilities like CVE-2024-21413 can enhance security strategy.
- Keeping systems updated is vital, especially with legacy protocols involved.
- Consider using free micropatch solutions for unsupported software vulnerabilities.
- Stay informed about ongoing threats and vulnerabilities in Windows environments.