-
Exploit released for new Windows Server "WinReg" NTLM Relay attack
Proof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process.
- October 22, 2024
- 01:26 PM
0
-
Windows 11 to require SMB signing to prevent NTLM relay attacks
Microsoft says SMB signing (aka security signatures) will be required by default for all connections to defend against NTLM relay attacks, starting with today's Windows build (Enterprise edition) rolling out to Insiders in the Canary Channel.
- June 02, 2023
- 02:22 PM
0
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
Microsoft quietly fixes ShadowCoerce Windows NTLM Relay bug
Microsoft has confirmed it fixed a previously disclosed 'ShadowCoerce' vulnerability as part of the June 2022 updates that enabled attackers to target Windows servers in NTLM relay attacks.
- July 05, 2022
- 12:17 PM
- 0
-
New DFSCoerce NTLM Relay attack allows Windows domain takeover
A new Windows NTLM relay attack called DFSCoerce has been discovered that uses MS-DFSNM, Microsoft's Distributed File System, to completely take over a Windows domain.
- June 20, 2022
- 04:35 PM
- 0
-
Microsoft fixes new PetitPotam Windows NTLM Relay attack vector
A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack.
- May 14, 2022
- 03:39 PM
- 0
-
Microsoft fixes new NTLM relay zero-day in all Windows versions
Microsoft has addressed an actively exploited Windows LSA spoofing zero-day that unauthenticated attackers can exploit remotely to force domain controllers to authenticate them via the Windows NT LAN Manager (NTLM) security protocol.
- May 10, 2022
- 03:04 PM
- 0
-
Windows 'RemotePotato0' zero-day gets an unofficial patch
A privilege escalation vulnerability impacting all Windows versions that can let threat actors gain domain admin privileges through an NTLM relay attack has received unofficial patches after Microsoft tagged it as "won't fix."
- January 13, 2022
- 12:31 PM
- 0
-
New unofficial Windows patch fixes more PetitPotam attack vectors
A second unofficial patch for the Windows PetitPotam NTLM relay attack has been released to fix further issues not addressed by Microsoft's official security update.
- August 19, 2021
- 02:30 PM
- 1
-
Windows security update blocks PetitPotam NTLM relay attacks
Microsoft has released security updates that block the PetitPotam NTLM relay attack that allows a threat actor to take over a Windows domain.
- August 10, 2021
- 03:28 PM
- 0
