Experts Detail Zero-Click Windows Vulnerability For NTLM Credential Theft

Posted on June 2, 2023

A security flaw in Microsoft’s MSHTML platform has been revealed by researchers, which has the potential to enable attackers to circumvent integrity protections on targeted machines. The vulnerability, identified as CVE-2023-29324, is categorized as a security feature bypass and impacts all versions of Windows. The flaw was discovered by security researcher Ben Barnea from Akamai, who cautioned that an attacker without authentication could exploit the vulnerability to manipulate an Outlook client into connecting to a server controlled by the attacker, leading to the theft of NTLM credentials. Microsoft addressed the flaw in its Patch Tuesday updates for May 2023; however, the company advises users to install Internet Explorer Cumulative updates for complete protection against this vulnerability.

Relevant URL: https://thehackernews.com/2023/05/experts-detail-new-zero-click-windows.html

Trusted Cybersecurity Advisors

Secure Your Bank's Future

Partner with our skilled specialists to unlock advanced cybersecurity and compliance solutions tailored to your bank's unique needs. Benefit from our expertise and experience in providing robust protection for financial institutions across the nation. Don't hesitate - secure your bank's future today.

Contact Our Experts

Experts Detail Zero-Click Windows Vulnerability For NTLM Credential Theft

Newsletter Signup

Related Posts

Secure Your Bank's Future