Source: Dark Reading Author: Jai Vijayan, Contributing Writer URL: https://www.darkreading.com/application-security/microsoft-ntlm-zero-day-remain-unpatched-april

ONE SENTENCE SUMMARY:

Microsoft issued guidance on NTLM relay attacks amidst newly discovered zero-day vulnerabilities affecting all Windows versions, pending fixes.

MAIN POINTS:

1. Microsoft released guidance to mitigate NTLM relay attacks after researchers found a zero-day vulnerability.
2. The NTLM bug affects all Windows versions from Windows 7 to Windows 11.
3. Credential theft occurs when users view malicious files in Windows Explorer.
4. Microsoft plans to issue a fix for the vulnerability in April.
5. Attackers can exploit the bug based on various environmental factors.
6. This vulnerability is not yet assigned a CVE or CVSS score.
7. Microsoft’s NTLM-related bugs include a prior credential leak reported by ACROS Security.
8. NTLM is a legacy protocol frequently targeted for identity compromise attacks.
9. Microsoft advises enabling Extended Protection for Authentication to enhance security.
10. Office documents and emails in Outlook are common entry points for NTLM exploitation.

TAKEAWAYS:

1. Immediate protective measures against NTLM relay attacks are critical for organizations.
2. Awareness of specific vulnerabilities like CVE-2024-21413 can enhance security strategy.
3. Keeping systems updated is vital, especially with legacy protocols involved.
4. Consider using free micropatch solutions for unsupported software vulnerabilities.
5. Stay informed about ongoing threats and vulnerabilities in Windows environments.