Outlook – Microsoft Patches Critical Flaw Leaking NTLM Passwords

Jan 30, 2024 | News





A recently addressed security flaw in Microsoft Outlook posed a risk of unauthorized access to NT LAN Manager (NTLM) v2 hashed passwords. The flaw, tracked as CVE-2023-35636 with a CVSS score of 6.5, was resolved by Microsoft as part of its December 2023 Patch Tuesday updates.

Exploitation of this vulnerability involves the calendar-sharing function in Outlook. If an attacker can convince a user to open a specially crafted file, the flaw is triggered and the user's NTLM v2 hashed password can be exposed. The lure could be delivered through phishing emails containing malicious links or through deceptive instant messages.


The vulnerability, reported by Varonis security researcher Dolev Taler, involves inserting two headers, “Content-Class” and “x-sharing-config-url,” with carefully crafted values into a malicious email message. When a victim opens the manipulated message, an authentication attempt is triggered during which their NTLM v2 hash is exposed.


It is noteworthy that the disclosed flaw has additional dimensions: NTLM hashes can also leak through the Windows Performance Analyzer (WPA) and Windows File Explorer. While the primary Outlook vulnerability is patched, these attack vectors remain unaddressed.

Of particular interest is Taler’s finding that WPA attempts to authenticate using NTLM v2 over the open web. Ordinarily, NTLM v2 should be confined to internal, IP-address-based services. When the hash instead traverses the open internet, it becomes vulnerable to relay and offline brute-force attacks.
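The two points above (the header pair named in the disclosure, and the rule that NTLM v2 authentication should stay inside the network) can be turned into a mail-gateway triage check. The following Python is an added example written for this article, not code from Varonis or Microsoft; the `INTERNAL_SUFFIXES` value, the verdict names and the sample messages are constructed assumptions.

```python
import ipaddress
from email import message_from_string
from urllib.parse import urlparse

# Assumed internal DNS suffixes for this example; replace with your own.
INTERNAL_SUFFIXES = (".corp.example",)


def host_of(reference):
    """Host part of a URL-style reference, or None when none is recognisable."""
    return urlparse(reference.strip()).hostname


def is_internal(host):
    """True for private/loopback IPs, single-label names and internal suffixes."""
    try:
        addr = ipaddress.ip_address(host)
        return addr.is_private or addr.is_loopback
    except ValueError:
        return "." not in host or host.lower().endswith(INTERNAL_SUFFIXES)


def assess_message(raw_message):
    """Classify one RFC 822 message as 'clean', 'review' or 'suspicious'."""
    msg = message_from_string(raw_message)  # header lookup is case-insensitive
    content_class = msg.get("Content-Class")
    config_url = msg.get("x-sharing-config-url")
    if config_url is None:
        return {"verdict": "clean", "reason": "no sharing-config header"}
    host = host_of(config_url)
    if host is None:
        # A value that does not resolve to a plain host is worth a look.
        return {"verdict": "suspicious",
                "reason": "sharing-config value has no parseable host"}
    if not is_internal(host):
        return {"verdict": "suspicious",
                "reason": f"sharing-config points outside the network: {host}"}
    return {"verdict": "review",
            "reason": f"internal sharing-config, Content-Class={content_class!r}"}


# Constructed sample messages (not real captures).
EXTERNAL_MSG = ("Content-Class: Sharing\n"
                "x-sharing-config-url: https://cal.external.invalid/config\n\n")
INTERNAL_MSG = ("Content-Class: Sharing\n"
                "x-sharing-config-url: https://10.0.0.5/config\n\n")

if __name__ == "__main__":
    for sample in (EXTERNAL_MSG, INTERNAL_MSG):
        print(assess_message(sample))
```

Messages carrying the sharing-config header with an internal target are still surfaced for review rather than passed silently, since the header is unusual enough to be worth logging.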




This disclosure coincides with Check Point’s revelation of a case of “forced authentication,” offering another avenue for NTLM token leakage. This involves tricking a victim into opening a rogue Microsoft Access file.

Microsoft, recognizing the security concerns associated with NTLM, had previously announced in October 2023 plans to discontinue its use in Windows 11 in favor of Kerberos. This shift is motivated by NTLM’s lack of support for modern cryptographic methods and its susceptibility to relay attacks.


Source: thehackernews.com
