This site uses cookies to improve your experience. By viewing our content, you are accepting the use of cookies. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country we will assume you are from the United States. View our privacy policy and terms of use.

Remove Authentication Remove Azure Remove LAN
article thumbnail

Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412)

Tenable

FEBRUARY 13, 2024

Successful exploitation of this flaw would allow an attacker to relay a New Technology LAN Manager Version 2 (NTLMv2) hash against a vulnerable server. In order to exploit this flaw, an attacker would need to be authenticated with LAN-access and have a valid login for an Exchange user.

LAN 127
LAN Windows Azure Internet 127
article thumbnail

Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)

Tenable

SEPTEMBER 12, 2023

Successful exploitation of this flaw would allow for the disclosure of New Technology LAN Manager (NTLM) hashes. Successful exploitation of these vulnerabilities requires an attacker to authenticate with LAN-access and have valid credentials for an Exchange user. Each of these vulnerabilities were given CVSSv3 scores of 8.0

LAN 122
LAN Windows 3D Azure 122
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

article thumbnail

Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs

Tenable

AUGUST 13, 2024

and could be abused by an authenticated attacker to bypass server-side request forgery (SSRF) protections in order to leak potentially sensitive information. Critical CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability CVE-2024-38109 is a critical severity EoP vulnerability affecting Azure Health Bot.

IPv6 125
IPv6 Windows Azure LAN 125
article thumbnail

Microsoft’s October 2023 Patch Tuesday Addresses 103 CVEs (CVE-2023-36563, CVE-2023-41763)

Tenable

OCTOBER 10, 2023

Successful exploitation could lead to the disclosure of New Technology LAN Manager (NTLM) hashes. To combat this, we recommend reviewing the suggestions from this Cybersecurty and Infrastructure Security Agency (CISA) blog post and the Tenable whitepaper, Password, Authentication and Web Best Practices. and is rated as important.

Windows 117
Windows Software Review Azure Systems Review 117
article thumbnail

Microsoft’s August 2023 Patch Tuesday Addresses 73 CVEs (CVE-2023-38180)

Tenable

AUGUST 8, 2023

According to the advisories, exploitation of these vulnerabilities would allow an authenticated attacker to execute code using a PowerShell remoting session. In order to successfully exploit this flaw, the attacker would first need to have LAN access and valid credentials for an Exchange user. These were omitted from our totals.

Windows 98
Windows Software Review .Net Azure 98
article thumbnail

Microsoft’s January 2023 Patch Tuesday Addresses 98 CVEs (CVE-2023-21674)

Tenable

JANUARY 10, 2023

Azure Service Fabric Container. Windows Authentication Methods. and could grant an authenticated attacker SYSTEM privileges. Successful exploitation could lead to disclosure of New Technology LAN Manager (NTLM) hashes and NTLM relay attacks. This month’s update includes patches for: NET Core. 3D Builder. Windows ALPC.

Windows 100
Windows Software Review Operating System LAN 100
article thumbnail

Microsoft’s August 2021 Patch Tuesday Addresses 44 CVEs (CVE-2021-26424, CVE-2021-36948)

Tenable

AUGUST 10, 2021

Azure Sphere. Microsoft Azure Active Directory Connect. CVE-2021-36942 is a spoofing vulnerability in Windows Local Security Authority (LSA) which could allow an unauthenticated attacker using New Technology LAN Manager (NTLM) to trick a domain controller into authenticating with another server. Microsoft Dynamics.

Windows 100
Windows Azure LAN .Net 100
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 

Stay Connected

Join 49,000+ Insiders by signing up for our newsletter

About
Webinars
Awards
About
Editions
Webinars
Awards
Editions
Topics
LinkedIn Twitter
Powered by Aggregage | Terms and Conditions | Your California Rights and Privacy Policy
© Aggregage 2024