Tag: ntlm

Microsoft to disable NTLM by default in future Windows releases

Jan 30, 2026 7:24 PM

Tags: authentication, microsoft, ntlm, vulnerability, windows

Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-ntlm-by-default-in-future-windows-releases/
Mandiant pushes organizations to dump insecure NTLMv1 by releasing a way to crack it

Jan 19, 2026 11:13 PM

Tags: attack, authentication, computer, credentials, crypto, cve, data, data-breach, email, encryption, group, Hardware, international, mandiant, microsoft, network, ntlm, phishing, risk, service, supply-chain, theft, threat, vulnerability, windows

pass-the-hash. The benefit is time and money saved: Mandiant reckons its rainbow table allows the recovery of an NTLMv1 key in 12 hours using a computer costing $600, rather than relying on third party services or expensive hardware to brute-force the keys.None of this makes NTLMv1 less secure or easier to target than it already…
âš¡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More

Jan 19, 2026 3:13 PM

Tags: ai, attack, cybersecurity, exploit, fortinet, ntlm, service, tool, update

In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can react. This week’s stories show how easily a small…
Windows SMB Client Vulnerability Exposes Organizations to Full Active Directory Compromise

Jan 19, 2026 3:13 PM

Tags: authentication, cve, cyber, flaw, ntlm, threat, vulnerability, windows

A severe vulnerability in Windows Server Message Block (SMB) client authentication hasemergedas a critical threat to Active Directory environments. CVE-2025-33073, a logical flaw in NTLM reflection handling, enables authenticated attackers to escalate to SYSTEM-level privileges and compromise domain controllers, potentially allowing them to take over entire Active Directory forests. Field Value CVE ID CVE-2025-33073 Vulnerability…
New Kerberos Relay Technique Exploits DNS CNAMEs to Bypass Existing Defenses

Jan 19, 2026 7:13 AM

Tags: attack, authentication, credentials, cve, cyber, defense, dns, exploit, flaw, ntlm, service, threat, vulnerability, windows

A critical vulnerability in Windows Kerberos authentication that enables attackers to conduct credential-relay attacks by exploiting DNS CNAME records. Tracked as CVE-2026-20929, this flaw allows threat actors to force victims into requesting Kerberos service tickets for attacker-controlled systems, facilitating lateral movement and privilege escalation even when NTLM authentication is entirely disabled. CVE ID Vulnerability Name…
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

Jan 14, 2026 12:04 AM

Tags: access, attack, best-practice, cloud, cve, cyber, exploit, firmware, flaw, Internet, malicious, microsoft, mitre, ntlm, office, rce, remote-code-execution, service, social-engineering, sql, technology, update, vulnerability, windows, zero-day

8Critical 105Important 0Moderate 0Low Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. Microsoft patched 113 CVEs in its January 2026 Patch Tuesday release, with eight rated critical and 105 rated as important. Our counts omitted one CVE that was assigned by…
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

Jan 14, 2026 12:04 AM

Tags: access, attack, best-practice, cloud, cve, cyber, exploit, firmware, flaw, Internet, malicious, microsoft, mitre, ntlm, office, rce, remote-code-execution, service, social-engineering, sql, technology, update, vulnerability, windows, zero-day

8Critical 105Important 0Moderate 0Low Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. Microsoft patched 113 CVEs in its January 2026 Patch Tuesday release, with eight rated critical and 105 rated as important. Our counts omitted one CVE that was assigned by…
Hidden .NET HTTP proxy behavior can open RCE flaws in apps, a security issue Microsoft won’t fix

Dec 11, 2025 5:32 AM

Tags: api, control, credentials, cve, endpoint, exploit, flaw, framework, ivanti, leak, microsoft, monitoring, ntlm, powershell, programming, rce, remote-code-execution, service, vulnerability

ServiceDescriptionImporter class,” he said. “That mechanism alone enabled successful exploitation in products from Barracuda, Ivanti, Microsoft and Umbraco, and it took only a few days of review to find working cases.” The .NET Framework and ASP.NET are among the most popular programming languages for enterprise applications. When a developer wants their application to communicate with…
The nexus of risk and intelligence: How vulnerability-informed hunting uncovers what everything else misses

Nov 19, 2025 3:49 PM

Tags: access, attack, authentication, business, cisa, compliance, cve, cvss, dark-web, data, defense, detection, dns, edr, endpoint, exploit, framework, intelligence, kev, linux, malicious, mitigation, mitre, monitoring, ntlm, nvd, open-source, password, powershell, remote-code-execution, risk, risk-management, siem, soc, strategy, tactics, technology, threat, update, vulnerability, vulnerability-management

Turning vulnerability data into intelligence: Once vulnerabilities are contextualized, they can be turned into actionable intelligence. Every significant CVE tells a story, known exploit activity, actor interest, proof-of-concept code or links to MITRE ATT&CK techniques. This external intelligence gives us the who and how behind potential exploitation.For example, when a privilege escalation vulnerability in Linux…
Cyber agencies produce ‘long overdue’ best practices for securing Microsoft Exchange Server

Nov 1, 2025 1:20 AM

Tags: access, antivirus, attack, authentication, best-practice, business, cloud, control, cyber, data, defense, encryption, exploit, identity, mail, microsoft, mitigation, ntlm, risk, service, threat, update, windows

The guidance: The guidance states admins should treat on-prem Exchange servers as being “under imminent threat,” and itemizes key practices for admins:First, it notes, “the most effective defense against exploitation is ensuring all Exchange servers are running the latest version and Cumulative Update (CU)”;It points out that Microsoft Exchange Server Subscription Edition (SE) is the…
Cyber agencies produce ‘long overdue’ best practices for securing Microsoft Exchange Server

Nov 1, 2025 1:20 AM

Tags: access, antivirus, attack, authentication, best-practice, business, cloud, control, cyber, data, defense, encryption, exploit, identity, mail, microsoft, mitigation, ntlm, risk, service, threat, update, windows

The guidance: The guidance states admins should treat on-prem Exchange servers as being “under imminent threat,” and itemizes key practices for admins:First, it notes, “the most effective defense against exploitation is ensuring all Exchange servers are running the latest version and Cumulative Update (CU)”;It points out that Microsoft Exchange Server Subscription Edition (SE) is the…
Microsoft Boosts Windows Security by Disabling File Previews for Downloads

Oct 24, 2025 9:26 AM

Tags: credentials, cyber, exploit, Internet, microsoft, ntlm, update, vulnerability, windows

Microsoft has rolled out a significant security enhancement to Windows File Explorer, automatically disabling the preview pane for files downloaded from the internet as part of security updates released on and after October 14, 2025. This proactive measure targets a long-standing vulnerability that attackers have exploited to harvest NTLM hashes and sensitive credentials used for…
CISA Flags Highly Exploitable Windows SMB Flaw

Oct 22, 2025 12:26 AM

Tags: attack, cisa, cybersecurity, exploit, flaw, infrastructure, microsoft, mitigation, network, ntlm, windows

NTLM Reflection Attack Strikes Again. A three-month old flaw in a network protocol for file sharing used by Microsoft is under active exploitation, warns the U.S. Cybersecurity and Infrastructure Security Agency. The flaw’s exploitation bypasses mitigations Microsoft has built over the years to prevent NTLM reflection attacks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisa-flags-highly-exploitable-windows-smb-flaw-a-29778
Service Accounts in Active Directory: These OG NHIs Could Be Your Weakest Link

Sep 23, 2025 10:16 PM

Tags: access, ai, attack, authentication, breach, cloud, computer, control, credentials, cyber, data, exploit, group, identity, infrastructure, microsoft, ntlm, password, risk, saas, service, software, switch

While non-human identities (NHIs) in cloud and SaaS operations may be getting lots of attention right now, securing your Active Directory service accounts can go a long way in reducing risk. Here are three steps you can take right now. Key takeaways Expect sprawl: Agentic AI and cloud native development accelerate non-human identity (NHI) growth. …
Microsoft’s Patch Tuesday: About 80 Vulnerabilities Patched

Sep 12, 2025 8:16 AM

Tags: authentication, flaw, microsoft, ntlm, office, update, vulnerability, windows

An elevation of privilege vulnerability in the Windows NTLM authentication protocol and a flaw in Office’s Preview Pain are among the most important to patch. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-september-2025/
Microsoft’s Patch Tuesday: About 80 Vulnerabilities Patched

Sep 12, 2025 8:16 AM

Tags: authentication, flaw, microsoft, ntlm, office, update, vulnerability, windows

An elevation of privilege vulnerability in the Windows NTLM authentication protocol and a flaw in Office’s Preview Pain are among the most important to patch. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-september-2025/
Patch Tuesday priorities: Vulnerabilities in SAP NetWeaver and Microsoft NTLM and Hyper-V

Sep 10, 2025 5:16 PM

Tags: access, attack, authentication, awareness, business, ciso, control, cve, cvss, data, exploit, flaw, ibm, infrastructure, Internet, microsoft, mitigation, network, ntlm, oracle, remote-code-execution, risk, sans, sap, service, software, threat, unauthorized, update, vulnerability, windows, zero-day

CSO. “The sole fact of being it a deserialization vulnerability, exploitable in an unauthenticated way, makes it very critical,” he said. “The positive side of this vulnerability for defenders is that it is exploitable through a protocol that is not typically internet-facing, the RMI-P4 SAP protocol.” Deserialization vulnerabilities are common in products like NetWeaver, Johannes Ullrich,…
Patch Tuesday priorities: Vulnerabilities in SAP NetWeaver and Microsoft NTLM and Hyper-V

Sep 10, 2025 5:16 PM

Tags: access, attack, authentication, awareness, business, ciso, control, cve, cvss, data, exploit, flaw, ibm, infrastructure, Internet, microsoft, mitigation, network, ntlm, oracle, remote-code-execution, risk, sans, sap, service, software, threat, unauthorized, update, vulnerability, windows, zero-day

CSO. “The sole fact of being it a deserialization vulnerability, exploitable in an unauthenticated way, makes it very critical,” he said. “The positive side of this vulnerability for defenders is that it is exploitable through a protocol that is not typically internet-facing, the RMI-P4 SAP protocol.” Deserialization vulnerabilities are common in products like NetWeaver, Johannes Ullrich,…
Microsoft Patchday September 2025 – HPC Pack mit CVSS 9.8 und NTLM mit 8.8 als Hauptangriffsvektoren

Sep 10, 2025 5:16 PM

Tags: cvss, microsoft, ntlm

First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-patchday-september-2025-windows-updates-a-6a6019204714a5acc7ec85e52d6b014f/
MITM6 + NTLM Relay Attack Enables Full Domain Compromise

Aug 21, 2025 12:54 PM

Tags: attack, credentials, cyber, cybersecurity, exploit, network, ntlm, windows

Cybersecurity researchers are highlighting a dangerous attack technique that combines rogue IPv6 configuration with NTLM credential relay to achieve complete Active Directory domain compromise, exploiting default Windows configurations that most organizations leave unchanged. Attack Leverages Default Windows IPv6 Behavior The MITM6 + NTLM Relay attack exploits Windows systems’ automatic DHCPv6 requests, even in networks that…
MITM6 + NTLM Relay: How IPv6 Auto-Configuration Leads to Full Domain Compromise

Aug 21, 2025 6:54 AM

Tags: ntlm

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/mitm6-ntlm-relay-how-ipv6-auto-configuration-leads-to-full-domain-compromise
Microsoft Entra Private Access brings conditional access to on-prem Active Directory

Aug 19, 2025 9:54 AM

Tags: access, authentication, cloud, computer, group, microsoft, network, ntlm, ransomware, service, windows

Susan Bradley / CSOThe deepest level of auditing, including workgroup and domain authentication attempts that use NTLM, can be achieved by setting:Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers = Audit AllNetwork security: Restrict NTLM: Audit NTLM authentication in this domain = Enable allNetwork security: Restrict NTLM: Audit Incoming NTLM Traffic = Enable…
Windows tips for reducing the ransomware threat

Aug 7, 2025 10:11 AM

Tags: access, attack, authentication, backup, breach, cloud, computer, control, credentials, government, identity, infrastructure, login, mfa, microsoft, monitoring, network, ntlm, passkey, privacy, ransomware, risk, service, threat, windows

Susan Bradley / CSOIdeally you should have no such protocols observed.
DNN Vulnerability Exposes NTLM Credentials via Unicode Normalization Bypass

Jul 8, 2025 11:34 AM

Tags: credentials, cve, cyber, ntlm, open-source, vulnerability

Security researchers have discovered a critical vulnerability in DNN (formerly DotNetNuke), one of the oldest open-source content management systems, that allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass technique. The vulnerability, tracked as CVE-2025-52488, affects the widely-used enterprise CMS platform and demonstrates how defensive coding measures can be circumvented through carefully…
NTLM relay attacks are back from the dead

Jul 4, 2025 9:34 AM

Tags: attack, ntlm

NTLM relay attacks are the easiest way for an attacker to compromise domain-joined hosts. While many security practitioners think NTLM relay is a solved problem, it is not … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/04/ntlm-relay-attacks/
Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access

Jun 13, 2025 2:54 PM

Tags: access, cvss, cyber, exploit, flaw, identity, microsoft, ntlm, service, vulnerability

A newly disclosed spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI) enables unauthenticated attackers to capture Net-NTLM hashes of critical Directory Service Accounts (DSAs), potentially compromising Active Directory environments. Rated 6.5 (Medium) on the CVSS v3.1 scale, this flaw exploits MDI’s Lateral Movement Paths (LMPs) feature and has been actively addressed in Microsoft’s May…
Windows Authentication Coercion Attacks Present Major Risks to Enterprise Networks

Jun 4, 2025 2:55 PM

Tags: attack, authentication, cyber, network, ntlm, risk, service, windows

Authentication coercion remains a potent attack vector in Windows environments, enabling attackers with even low-privileged domain accounts to force targeted systems, often high-value servers or domain controllers, to authenticate to attacker-controlled hosts. This technique is closely tied to NTLM and Kerberos relay attacks, where the coerced authentication session is intercepted and relayed to other services,…
Securing Windows 11 and Server 2025: What CISOs should know about the latest updates

May 30, 2025 8:58 AM

Tags: ai, authentication, ciso, control, crypto, Internet, login, microsoft, ntlm, password, privacy, risk, service, software, technology, update, windows

Susan Bradley / CSOYou can prevent Recall use by turning off the saving of snapshots and also disabling Click to Do. Alternatively, if you want to enable the service, I recommend setting a list of applications that you want filtered as well as excluding a list of URLs.In addition, you can set policies for Copilot.…
Windows 11 File Explorer Vulnerability Enables NTLM Hash Theft

May 29, 2025 4:55 PM

Tags: authentication, cve, cyber, flaw, malicious, ntlm, technology, theft, vulnerability, windows

A newly disclosed vulnerability, CVE-2025-24071, has been identified in Windows File Explorer, specifically affecting Windows 11 (23H2) and earlier versions that support .library-ms files and the SMB protocol. This flaw enables attackers to capture NTLM (New Technology LAN Manager) authentication hashes simply by tricking a user into extracting a malicious ZIP archive”, no further interaction…
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine

May 23, 2025 5:54 AM

Tags: access, advisory, api, authentication, cctv, cloud, computer, container, credentials, cve, cybersecurity, data, detection, email, exploit, flaw, government, hacker, identity, infrastructure, Internet, login, malicious, malware, mfa, military, network, ntlm, office, open-source, password, phishing, powershell, russia, service, software, threat, tool, ukraine, vulnerability

Credential guessing and spearphishing: The attackers used brute-force credential guessing techniques, also known as password spraying, to gain initial access to accounts. This was complemented with targeted phishing emails that directed recipients to fake login pages for government entities or Western cloud email providers. These phishing pages were stored on free web hosting services or…