Fix the critical vulnerabilities in the Windows NTLM security protocol immediately
Microsoft has released a security patch for a particularly serious vulnerability that affects all enterprise versions of the Windows operating system released since 2007.
Researchers at the behavioral-firewall company Preempt have discovered two new vulnerabilities in the Windows NTLM security protocol, both of which allow an attacker to create a new domain administrator account and take control of the entire domain.
See details at: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/f2b16606-4945-e711-80dc-000d3a32fc99
NT LAN Manager (NTLM) is an old authentication protocol used on networks that include Windows systems and standalone systems.
Although NTLM was replaced by Kerberos in Windows 2000, which provides better security for systems on the same network, NTLM is still supported by Microsoft and still widely used.
The first vulnerability involves the Lightweight Directory Access Protocol (LDAP), which is not protected against NTLM relay; the second affects the Restricted-Admin mode of the Remote Desktop Protocol (RDP). These flaws let an attacker perform LDAP operations, such as updating domain objects, on behalf of the NTLM user, access unauthorized information, and connect to remote computers without needing a password.
In a blog post, Yaron Zinar said: "To realize how serious this issue is, we need to know that all Windows protocols use the Windows Authentication API (SSPI), which allows the authentication to be downgraded to NTLM."
According to the Preempt researchers, RDP Restricted-Admin allows the authentication to be downgraded to NTLM. This means that attacks that work against NTLM, such as relaying credentials and cracking passwords, can also be carried out against RDP Restricted-Admin.
Combined with the LDAP vulnerability, an attacker can create a fake domain admin account whenever an administrator connects using RDP Restricted-Admin, and take control of the entire domain.
Microsoft said an attacker could exploit this vulnerability by running a specially crafted application that sends malicious traffic to a domain controller. The update addresses these vulnerabilities by incorporating enhancements to the authentication protocols that are designed to mitigate such attacks.
Therefore, system administrators are advised to patch their vulnerable servers with NT LAN Manager enabled as soon as possible.
Besides the NTLM flaws, Microsoft has also released patches for 55 security holes, 19 of them rated important, in products including Edge, Internet Explorer, Windows, Office, Office Services and Web Apps, .NET Framework and Exchange Server.
Windows users are advised to install the latest updates immediately to protect themselves against ongoing attacks.
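As an added example (not part of this article, Preempt's research or Microsoft's advisory), the following PowerShell script audits the NTLM-related hardening settings on a Windows host that bear on the two issues described above: LDAP signing and LDAPS channel binding on a domain controller (LdapEnforceChannelBinding is the value Microsoft introduced with this update), whether RDP Restricted Admin mode is switched on, and whether outbound NTLM is restricted. The registry paths and value names are the standard Windows policy locations; the Expected values are the hardened settings assumed here, and "not set" means the policy has not been configured on this machine.

```powershell
# Added example, not from the article: report NTLM hardening settings on this host.
# Registry locations are the documented Windows policy keys; Expected values are
# the hardened settings assumed for this audit.
$checks = @(
    @{
        Name      = 'LDAP server signing (domain controllers)'
        Path      = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
        Value     = 'LDAPServerIntegrity'
        Expected  = 2
        MissingOk = $false
        Meaning   = '2 = require signing; 1 or not set = unsigned LDAP binds (relayable) accepted'
    },
    @{
        Name      = 'LDAPS channel binding (domain controllers, needs this update)'
        Path      = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
        Value     = 'LdapEnforceChannelBinding'
        Expected  = 2
        MissingOk = $false
        Meaning   = '2 = always enforce; 1 = when supported; 0 or not set = never'
    },
    @{
        Name      = 'LDAP client signing'
        Path      = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'
        Value     = 'LDAPClientIntegrity'
        Expected  = 2
        MissingOk = $false
        Meaning   = '2 = require signing; 1 = negotiate; 0 = none'
    },
    @{
        Name      = 'RDP Restricted Admin mode'
        Path      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
        Value     = 'DisableRestrictedAdmin'
        Expected  = 1
        MissingOk = $true   # not set means Restricted Admin is disabled on patched systems
        Meaning   = '0 = Restricted Admin enabled (NTLM downgrade possible); 1 or not set = disabled'
    },
    @{
        Name      = 'Outbound NTLM restriction'
        Path      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
        Value     = 'RestrictSendingNTLMTraffic'
        Expected  = 2
        MissingOk = $false
        Meaning   = '2 = deny all outbound NTLM; 1 = audit only; 0 or not set = allow'
    }
)

function Get-NtlmHardeningReport {
    foreach ($c in $checks) {
        $actual = $null
        if (Test-Path -Path $c.Path) {
            # Missing value names return $null rather than an error.
            $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
            if ($null -ne $item) { $actual = $item.($c.Value) }
        }

        $ok = ($actual -eq $c.Expected) -or (($null -eq $actual) -and $c.MissingOk)
        $actualText = if ($null -eq $actual) { 'not set' } else { $actual }
        $status     = if ($ok) { 'OK' } else { 'REVIEW' }

        [pscustomobject]@{
            Setting  = $c.Name
            Actual   = $actualText
            Expected = $c.Expected
            Status   = $status
            Meaning  = $c.Meaning
        }
    }
}

# Run on each domain controller and on jump hosts that use RDP Restricted Admin.
Get-NtlmHardeningReport | Format-Table -AutoSize -Wrap
```

Rows marked REVIEW are settings where relayed or downgraded NTLM authentication would still be accepted; the LDAP checks only matter on domain controllers, and LdapEnforceChannelBinding has no effect until the update described in this article is installed.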