A lovely review and takedown of Microsoft's lackadaisical approach to NTLM issues.
At the very least, please disable outbound SMB from your environment, and get signing/encryption (v2/3) going wherever possible.
https://blog.morphisec.com/5-ntlm-vulnerabilities-unpatched-privilege-escalation-threats-in-microsoft
Taggart :donor: /
npub1yg…tccz0
2024-11-21 16:39:19
Author Public Key
npub1yg8lnapwc8yyd0m32jcfdp7k28hwmsvtsqc59rsj6d6d0m3mynqs7tccz0Published at
2024-11-21 16:39:19Event JSON
{
"id": "efc0bb81fe28dfb71bd3d96960c1caf2a319eea7d639ec03f5b838a2e8872534",
"pubkey": "220ff9f42ec1c846bf7154b09687d651eeedc18b8031428e12d374d7ee3b24c1",
"created_at": 1732207159,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@mttaggart/113521928396315175",
"web"
],
[
"proxy",
"https://infosec.exchange/users/mttaggart/statuses/113521928396315175",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/mttaggart/statuses/113521928396315175",
"pink.momostr"
],
[
"-"
]
],
"content": "A lovely review and takedown of Microsoft's lackadaisical approach to NTLM issues.\n\nAt the very least, please disable outbound SMB from your environment, and get signing/encryption (v2/3) going wherever possible.\n\nhttps://blog.morphisec.com/5-ntlm-vulnerabilities-unpatched-privilege-escalation-threats-in-microsoft",
"sig": "d0cffda299e72ab32bd0fc46cdcbc7fb347378eb98d7b78da738bca9e8603095f22d559b93b2c43c4ade0bcf459c804bb379d1c60723c9e21f65ced7bf4cf296"
}