Two security vulnerabilities have been uncovered in Microsoft Windows, and they could put businesses at risk of credential forwarding and password cracking.

Security vendor Preempt discovered the bugs in the security protocols of Microsoft Windows NT LAN Manager (NTLM). Researchers at the firm suggested that the vulnerabilities were caused by improper handling of NTLM by system protocols.

Microsoft addressed the vulnerabilities in its recent Patch Tuesday update. IT and network managers should pay attention to these updates and consider other precautionary steps, including avoiding the use of NTML altogether.

Breaking Down the Vulnerabilities

According to ZDNet, the first vulnerability, known as CVE-2017-8563, highlights how Lightweight Directory Access Protocol (LDAP) is not protected from NTLM relay. A security flaw in the protocol means that it does not always protect the user from credential forwarding.

An attacker with system privileges can use an incoming NTML session to perform LDAP operations on behalf of the user. Attackers can subsequently establish a domain admin account and take control of the network.

The second vulnerability covers remote desktop protocol (RDP) Restricted-Admin Mode, which enables individuals to connect to a remote machine without entering a password. Attackers could potentially exploit this mode to perform password cracking or credential relaying attacks with NTLM.

These two vulnerabilities are important because an attacker could potentially create new domain administrator accounts despite the use of network controls, wrote researcher Yaron Zinar in a post on Preempt’s blog.

Relay attacks, which rely on a user connecting to an infected computer, have been known to exist for more than 10 years, Bleeping Computer reported. The computer is usually infected with malware, takes NTLM credentials, and then relays them to a third party or performs malicious actions without the user’s knowledge.

Microsoft acknowledged both issues and released a fix for CVE-2017-8563 in its security update for July. The technology giant claimed that the second concern is a known issue and network configuration can help keep users safe from malicious NTLM relays.

Managing Security Vulnerabilities

Preempt noted that using NTLM puts businesses at risk of credential forwarding and password cracking. In fact, Zinar advised IT managers to avoid using NTLM in their networks, if possible.

For firms that continue to use it, Zinar suggested several precautionary steps, such as installing the CVE-2017-8563 patch on all domain controllers, monitoring NTLM traffic across the network and withholding domain admin privileges from help desk personnel.

Experts recognize that managing security vulnerabilities can be tough, especially when the risk of infection is high and technology budgets are constrained. Precautionary steps, such as those outlined by Zinar above, can help. Other best practice techniques include vulnerability scanning through analytics technologies. Above all else, IT and network managers should play close attention to updates from technology partners.

More from

The Role of Finance Departments in Cybersecurity

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies collect. A recent study of consumer views on data privacy and security revealed consumers are more careful about sharing data. The majority of respondents (87%) say they wouldn’t do business with companies that appear to have weak security. Study participants also…

The One Place IT Budget Cuts Can’t Touch: Cybersecurity

If IT spending is slowing, will business leaders follow a similar approach for cybersecurity budgets? Probably not. Gartner predicts that end-user spending on both security technology and services will see an annual growth rate of 11% over the next four years. And the market is anticipated to reach $267.3 billion in 2026. Many security professionals agree that security spending cuts aren’t likely. Given the current threat landscape, strong security has quickly become a business imperative. Security has become the highest…

2022 Industry Threat Recap: Manufacturing

It seems like yesterday that industries were fumbling to understand the threats posed by post-pandemic economic and technological changes. While every disruption provides opportunities for positive change, it's hard to ignore the impact that global supply chains, rising labor costs, digital currency and environmental regulations have had on commerce worldwide. Many sectors are starting to see the light at the end of the tunnel. But 2022 has shown us that manufacturing still faces some dark clouds ahead when combatting persistent…

What Does a Network Security Engineer Do?

Cybersecurity is complex. The digital transformation, remote work and the ever-evolving threat landscape require different tools and different skill sets. Systems must be in place to protect endpoints, identities and a borderless network perimeter. The job role responsible for handling this complex security infrastructure is the network security engineer. In a nutshell, the network security engineer is the person who is responsible for the design and implementation of the organization’s security system, ensuring there are no gaps or vulnerabilities for…