Alternatively, you can restrict NTLM Authentication in your Domain. To mitigate this issue, a GPO can be configured to prevent NTML credentials from automatically being sent to a remote server when clicking on a UNC link. By using this feature, attackers can inject malicious content into the PDF, and if the PDF file is opened then the target automatically starts leaking data in the form of NTLM hashes. Also in 2018, according to the Checkpoint research team, “NTLM hash leaks can also be achieved via PDF files with no user interaction or exploitation”. In 2019, the security provider “Preempt” discovered a vulnerability in NTLM which allows remote execution of malicious code on any Windows machine to authenticate to any web server that supports Windows Integrated Authentication. Due to the recent vulnerability discovered in Zoom as reviewed by security experts as of today, the 1 st of April 2020, which allows attackers to steal Windows credentials via UNC Links.
0 kommentar(er)
