Experts Detail A Recent Remotely Exploitable Windows Vulnerability
Jan 23, 2021
More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a "remotely exploitable" bug found in a vulnerable component bound to the network stack, although exact details of the issue remained unknown. Now, according to researchers from CrowdStrike, the security bug, if left unpatched, could allow a bad actor to achieve remote code execution via an NTLM relay. "This vulnerability allows an attacker to relay NTLM authentication sessions to an attacked machine, and use a printer spooler MSRPC interface to remotely execute code on the attacked machine," the researchers said in a Friday advisory. NTLM relay attacks are a kind of man-in-the-middle (MitM) attack that typically permits attackers with access to a network to interce...