A second zero-day vulnerability has been discovered in Microsoft's NTLM protocol, potentially enabling attackers to steal user credentials.
Microsoft has recently released updated guidance to mitigate NTLM relay attacks, but a critical zero-day vulnerability in all versions of Windows, from Windows 7 to Windows 11, remains unpatched. This flaw could allow attackers to steal user credentials through simple actions like opening a shared folder or a malicious file.
The NTLM Zero-Day Threat
Researchers at ACROS Security discovered this vulnerability, which lets an attacker capture a user's NTLM hash simply by tricking the user into opening a malicious file. Microsoft has classified the vulnerability as "Important," but it is not scheduled to be patched until April 2025.
Mitigating NTLM Risks
To protect your organization from NTLM-based attacks, consider the following steps:
- Enable Extended Protection for Authentication (EPA): EPA (channel binding) ties the authentication to the TLS channel it was negotiated over, so credentials relayed from a different connection are rejected. Microsoft recommends enabling EPA for LDAP, AD CS, and Exchange Server.
- Disable NTLM Where Possible: If your environment allows, disable NTLM and rely on more secure authentication protocols like Kerberos.
- Keep Systems Updated: Regularly update your systems to the latest security patches to address vulnerabilities.
- Implement Strong Password Policies: Enforce strong, unique passwords and enable multi-factor authentication (MFA) to enhance security.
- Network Segmentation: Segment your network to limit the impact of a potential breach.
- Monitor Network Traffic: Use network monitoring tools to detect and respond to suspicious activity.
- User Awareness Training: Educate users about the risks of phishing attacks and social engineering tactics.
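The following PowerShell script is an added example, not from the article, that audits the NTLM settings behind the "disable NTLM" and "monitor" steps above on a single Windows host: it reads the registry values that govern NTLM use and summarizes recent outbound-NTLM audit events. It assumes it runs elevated and that the event message text is in English (the regex parses the localized message).

```powershell
# Added example: audit local NTLM hardening state and recent NTLM audit events.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-RegValueOrDefault {
    param([string]$Path, [string]$Name, $Default)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default } else { return $item.$Name }
}

# LmCompatibilityLevel 5 = send NTLMv2 responses only, refuse LM and NTLMv1.
$lmLevel  = Get-RegValueOrDefault -Path $lsa -Name 'LmCompatibilityLevel' -Default 'not set (OS default)'
# RestrictSendingNTLMTraffic: 0 = allow all, 1 = audit all, 2 = deny all.
$outbound = Get-RegValueOrDefault -Path $msv -Name 'RestrictSendingNTLMTraffic' -Default 0
# RestrictReceivingNTLMTraffic: 0 = allow all, 1 = deny domain accounts, 2 = deny all.
$inbound  = Get-RegValueOrDefault -Path $msv -Name 'RestrictReceivingNTLMTraffic' -Default 0
# AuditReceivingNTLMTraffic: 0 = off, 1 = audit domain accounts, 2 = audit all.
$audit    = Get-RegValueOrDefault -Path $msv -Name 'AuditReceivingNTLMTraffic' -Default 0

[PSCustomObject]@{
    LmCompatibilityLevel         = $lmLevel
    RestrictSendingNTLMTraffic   = $outbound
    RestrictReceivingNTLMTraffic = $inbound
    AuditReceivingNTLMTraffic    = $audit
} | Format-List

# Event 8001 in the NTLM operational log records outbound NTLM that the audit
# (or block) policy caught; grouping by target server shows which services
# still depend on NTLM before it is disabled outright.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-NTLM/Operational'
    Id        = 8001
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

if ($events) {
    $events | ForEach-Object {
        # Assumes English message text: "Target server: <spn or host>".
        if ($_.Message -match 'Target server:\s*(\S+)') { $Matches[1] } else { 'unknown' }
    } | Group-Object | Sort-Object Count -Descending |
        Select-Object Count, @{ n = 'TargetServer'; e = { $_.Name } } |
        Format-Table -AutoSize
} else {
    'No NTLM 8001 events in the last 7 days; set RestrictSendingNTLMTraffic=1 to audit outbound NTLM.'
}
```

Run it in audit mode (RestrictSendingNTLMTraffic=1) for a period before moving to deny, so that the remaining NTLM dependencies surface in the event summary first.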
The Persistent Threat of NTLM
NTLM, a legacy authentication protocol, continues to pose significant security risks due to its inherent vulnerabilities. While Microsoft has taken steps to mitigate these risks, it's essential for organizations to remain vigilant and implement robust security measures.
Conclusion
The recent discovery of the NTLM zero-day vulnerability highlights the ongoing threat posed by legacy protocols. By following the recommended mitigation strategies and staying informed about the latest security threats, organizations can significantly reduce their exposure to NTLM-related attacks.