Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens

By Newsroom

Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access file. The attack takes advantage of a legitimate feature in the database management system solution that allows users to link to external data sources, such as a remote

Related tags
November 28^th 2023 at 10:23

The Hacker News
Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical'
December 15^th 2022 at 13:42

Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical'

By Ravie Lakshmanan

Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution. Tracked as CVE-2022-37958 (CVSS score: 8.1), the flaw was previously described as an information disclosure vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. SPNEGO,

Related tags
December 15^th 2022 at 13:42