Advertisement
Top
image credit: Unsplash

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

May 10, 2023

Via: The Hacker News
Category:

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines.

The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023.

Akamai security researcher Ben Barnea, who discovered and reported the bug, noted that all Windows versions are affected, but pointed out Microsoft, Exchange servers with the March update omit the vulnerable feature.

Read More on The Hacker News

RELATED PUBLICATIONS

The importance of the Vulnerability Operations Centre for cybersecurity
Palo Alto Networks Warns of Exploited Firewall Vulnerability
Are passwordless systems the future of authentication?

Latest Publications

The importance of the Vulnerability Operations Centre for cybersecurity
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
FIN7 targeted a large U.S. carmaker with phishing attacks
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!