How to protect your network against security flaws in Microsoft's NTLM protocol


Vulnerabilities in NTLM recently discovered by security provider Preempt could allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication.

Microsoft's NTLM (NT LAN Manager) is an older and now outdated security protocol that authenticates user credentials in a Windows domain. Though Microsoft has long since replaced NTLM with Kerberos as the default authentication method for Active Directory, the company still supports the older protocol, while recommending that customers adopt Kerberos instead.

As we all know, even though a technology or protocol is old, outdated, or no longer recommended, that doesn't mean organizations no longer use it. The problem is that NTLM is continually plagued by security holes. In a report released on Tuesday, security provider Preempt describes the latest flaws and offers advice on how to protect your network against them.

In its report, Preempt said that it recently uncovered two critical Microsoft vulnerabilities based on three logical flaws in NTLM. These vulnerabilities could allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA), such as Exchange or ADFS. Preempt's research indicates that all versions of Windows are susceptible to these flaws.

One major pitfall in NTLM is that it's open to relay attacks, the report noted. In a relay attack, an attacker captures an authentication on one server and then relays it to another server, which opens the door to controlling the remote server using those same credentials.
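The relay weakness described above can be seen in a simplified model of challenge-response authentication. This is an added example, not code from Preempt's report or from Microsoft, and it does not use the real NTLM message format. It also goes one step beyond the text by showing that a response bound to the intended server is rejected when relayed; the server names, the shared secret and the binding scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Simplified model of challenge-response authentication (not the real NTLM
# message format). The secret and server names are constructed for the demo.
SECRET = hashlib.sha256(b"constructed-demo-password").digest()


class Server:
    def __init__(self, name, require_binding):
        self.name = name
        self.require_binding = require_binding
        self.challenge = None

    def new_challenge(self):
        self.challenge = os.urandom(8)  # fresh random challenge per attempt
        return self.challenge

    def verify(self, response):
        # With binding, the server mixes its own name into the expected value,
        # so a response computed for a different server does not match.
        bound_to = self.name if self.require_binding else b""
        expected = hmac.new(SECRET, self.challenge + bound_to, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_respond(challenge, intended_server, bind):
    # The client proves knowledge of the secret for the challenge it is shown.
    bound_to = intended_server if bind else b""
    return hmac.new(SECRET, challenge + bound_to, hashlib.sha256).digest()


def relay_accepted(bind):
    """The client means to log on to web01, but is shown the challenge that
    file01 issued; its answer is then forwarded to file01."""
    second = Server(b"file01", bind)
    response = client_respond(second.new_challenge(), b"web01", bind)
    return second.verify(response)


def direct_accepted(bind):
    """Normal logon: the client answers the server it intends to reach."""
    server = Server(b"file01", bind)
    return server.verify(client_respond(server.new_challenge(), server.name, bind))
```

Without binding, the second server has no way to tell that the response was produced for a different server, which is the property a relay depends on.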
