Microsoft Rolls Out Default NTLM Relay Attack Mitigations

December 10, 2024 at 06:29AM Microsoft has introduced enhanced security measures to combat NTLM relay attacks on Exchange servers, including enabling Extended Protection for Authentication (EPA) and channel binding by default. These changes aim to safeguard accounts from exploitation via vulnerabilities, ensuring a more secure environment as the company plans to phase out NTLM usage … Read more

Exploit released for new Windows Server “WinReg” NTLM Relay attack

October 22, 2024 at 01:33PM Public exploit code has been released for CVE-2024-43532, a vulnerability in Microsoft’s Remote Registry client that may allow attackers to downgrade authentication security. It affects Windows server versions from 2008 to 2022 and Windows 10/11, enabling potential domain takeover through NTLM authentication relay attacks. A fix has been issued. ### … Read more

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

February 15, 2024 at 12:21AM Microsoft has confirmed active exploitation of a critical security flaw in Exchange Server, allowing attackers to gain privileges and execute operations. It has released patches to address this and other vulnerabilities in its Patch Tuesday updates. Threat actors, including APT28, have a history of exploiting such flaws for NTLM relay … Read more