07-15-2014 06:01 AM
By Jeremy Kirk
Microsoft's widely used software for brokering network access has a critical design flaw, an Israeli security firm said, but Microsoft contends the issue has been long-known and defenses are in place.
Aorato used public information to craft a proof-of-concept attack that shows how an attacker can change a person's network password, potentially allowing access to other sensitive systems, said Tal Be'ery, its vice president of research.
"The dire consequences we are discussing -- that an attacker can change the password -- was definitely not known," said Be'ery in a phone interview Tuesday.
About 95 percent of Fortune 500 companies use Active Directory, making the problem "highly sensitive," Aorato wrote on its blog.
The company's research focuses on NTLM, an authentication protocol that Microsoft has been trying to phase out for years. All Windows versions older than Windows XP SP3 used NTLM as a default, and newer Windows versions are compatible with it in combination with its successor, Kerberos.
07-15-2014 11:24 AM - edited 07-15-2014 11:25 AM
Thanks Jeff I was just reading that article via a MVP channel so looks like another big patch needs to come out at some point. Also from PCWorld: http://www.pcworld.com/article/2454103/critical-de
Webroot® SecureAnywhere™ Internet Security Complete Beta Tester v22.214.171.124 on my main system Alienware 17R2 with Windows 10 Professional x64 Version 1607 (Build 14393.447) & Motorola Moto Z Android 6.0.1 Marshmallow with WSA Mobile Complete v126.96.36.19960 which is full Cloud now as well! I also test new Windows Insider 32bit & 64bit builds on Virtual Machines.
Microsoft® Windows Insider MVP - Windows Security