Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

November 14, 2024 at 01:33AM
A newly patched Windows NT LAN Manager (NTLM) vulnerability (CVE-2024-43451) was exploited by a Russia-linked actor in attacks on Ukraine, enabling the theft of user hashes via infected documents. The attack involves phishing emails linking to malicious files, leading to potential financial theft within an hour of compromise.

Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs

November 13, 2024 at 07:15AM
Microsoft’s November 2024 Patch Tuesday addressed 90 security flaws, including two actively exploited vulnerabilities in Windows NTLM and Task Scheduler. Notably, CVE-2024-43451 affects NTLMv2 hash disclosure, while CVE-2024-49039 allows privilege escalation. The update also highlights critical vulnerabilities in Azure CycleCloud and .NET, alongside adopting CSAF for improved vulnerability reporting.

New Windows Themes zero-day gets free, unofficial patches

October 29, 2024 at 04:30PM
Free unofficial micropatches are now available for a Windows Themes zero-day vulnerability that allows NTLM credential theft. Discovered by ACROS Security, this issue affects all updated Windows versions. Users can apply these patches through 0patch while awaiting official fixes from Microsoft, which plans to address the problem promptly.

OPA for Windows Vulnerability Exposes NTLM Hashes

October 22, 2024 at 05:31PM
Organizations using Open Policy Agent (OPA) for Windows should update to v0.68.0 or later to address a vulnerability (CVE-2024-8260) that exposes user credentials via improper input validation. This flaw allows attackers to exploit authentication processes, highlighting the risks linked to using open-source software.

Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

October 22, 2024 at 10:30AM
A recently patched vulnerability in Styra’s Open Policy Agent (CVE-2024-8260) could have allowed attackers to leak NTLM credentials, enabling authentication relay or password cracking. Improper input validation and specific prerequisites were identified. This highlights the ongoing risks associated with NTLM, prompting Microsoft to plan its retirement in Windows 11.

Microsoft discloses unpatched Office flaw that exposes NTLM hashes

August 10, 2024 at 12:28PM
Microsoft disclosed a high-severity vulnerability affecting multiple Office versions, including Office 2016 and Microsoft 365 Apps for Enterprise. Tracked as CVE-2024-38200, the flaw allows unauthorized access to protected information. Although Microsoft is developing security updates, an alternative fix has been released. Blocking outbound NTLM traffic is recommended as a mitigation.

Microsoft shows venerable and vulnerable NTLM security protocol the door

June 6, 2024 at 08:07AM
Microsoft has officially deprecated the NTLM authentication protocol, signaling the need for admins to transition to more secure alternatives. While NTLM will continue to work in future Windows releases, calls to NTLM should be replaced by Negotiate, prioritizing Kerberos authentication. The move is part of Microsoft’s goal to eliminate the …

Microsoft deprecates Windows NTLM authentication protocol

June 4, 2024 at 11:51AM
Microsoft has deprecated NTLM authentication on Windows and Windows servers, encouraging transition to Kerberos or Negotiate authentication for better security. NTLM, an aging protocol still widely used, faces abuse in cyberattacks. Microsoft suggests system administrators audit NTLM usage and transition to Negotiate, with a built-in fallback to NTLM. Detailed transition …

Microsoft announces deprecation of Windows NTLM authentication

June 4, 2024 at 11:44AM
Microsoft has deprecated NTLM authentication on Windows and Windows servers, urging a transition to Kerberos or Negotiate authentication. This is due to security concerns, including cyberattacks like ‘NTLM Relay.’ Users and developers are recommended to utilize auditing tools to facilitate the transition. The replacement can generally be achieved with a …

Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

May 21, 2024 at 06:09AM
Microsoft is implementing new security measures for Windows 11, including deprecating NT LAN Manager (NTLM) in favor of Kerberos for authentication. Other changes involve enhancing user authentication, securing Windows Hello with virtualization-based security, and implementing Smart App Control with AI capabilities. These measures aim to strengthen overall security and counter …