Microsoft released an update pack this Tuesday, July 11 to correct a serious privilege escalation breach that affects all Windows versions launched after 2007. The breach compromises the NTLM protocol and allows attackers to relay user credentials and to create domain administrator accounts from compromised systems.
Besides the NTLM flaw, Microsoft also launched patches to correct other 55 security vulnerabilities (19 of which are critical) on several products including Internet Explorer and Edge browsers, Windows operating systems, Office Suite, Office Services and Web Apps, .NET Framework and Exchange Servers.
This is a critical security breach, and now it was made public it is important to notice that attackers can start to develop exploits to leverage it.
CIPHER’s recommendation is:
- Domain administrators and home users using Windows or any other software mentioned in this alert should patch their system immediately.
- Consider configuring applications such as IIS and SQL Server to use Kerberos for authentication rather than NTLM; once all applications that use NTLM are using Kerberos instead, NTLM can be disabled.
Please let us know if you have any questions related to this zero-day vulnerability.