Microsoft has fixed the previously disclosed 'ShadowCoerce' vulnerability as part of its June 2022 updates. The flaw can be exploited to target Windows servers in NTLM relay attacks. Threat actors can use the NTLM relay technique to force unpatched Windows servers to authenticate against servers under their control, which enables them to take control of Windows domains.

Following the silent patch, a Microsoft spokesperson confirmed that no public announcement had been made about the "MS-FSRVP coercion abuse PoC aka ShadowCoerce" vulnerability, which was mitigated with CVE-2022-30154, a flaw that affected the same component. Microsoft has still not provided any details about the ShadowCoerce vulnerability, and no CVE ID has been assigned to it.

According to security researcher Lionel Gilles, who first discovered the ShadowCoerce vulnerability in late 2021, the flaw enables threat actors to coerce authentication through MS-FSRVP, an RPC protocol used on remote computers with the File Server VSS Agent Service enabled. Once the attacker receives elevated privileges, the attacker can impersonate any network device, including a Windows domain controller, as long as the authentication request is relayed (or forwarded) to Active Directory Certificate Services.

ShadowCoerce can also be exploited to force domain controllers to authenticate to an NTLM relay, and attackers can likewise use the MS-RPRN and MS-EFSRPC (PetitPotam) protocols to coerce authentication from remote servers.

In May 2022, Microsoft also fixed a Windows LSA spoofing zero-day (tracked as CVE-2022-26925 and later confirmed to be a PetitPotam variant) that can be exploited for privilege escalation via forced authentication. Microsoft has still not addressed the DFSCoerce Windows NTLM relay attack, which uses MS-DFSNM, a protocol that allows management of the Windows Distributed File System (DFS) over RPC.
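For defenders, the four RPC interfaces named above can be watched from the server side. The following is an added example, not code from Microsoft or the researcher: it filters Windows Security event 5145 records (which require the "Audit Detailed File Share" policy) for IPC$ named-pipe opens on those interfaces. The pipe names are taken from the Microsoft protocol specifications as an assumption, and all hosts, addresses and events are constructed.

```python
from collections import defaultdict

# Named-pipe endpoints of the RPC interfaces named in the article
# (assumption: endpoint names as given in the Microsoft protocol specs).
# MS-EFSRPC is also reachable over lsarpc, which is left out here because
# legitimate traffic to it is too common for a simple match.
COERCION_PIPES = {
    "fssagentrpc": "MS-FSRVP (ShadowCoerce)",
    "spoolss": "MS-RPRN",
    "efsrpc": "MS-EFSRPC (PetitPotam)",
    "netdfs": "MS-DFSNM (DFSCoerce)",
}

def find_coercion_candidates(events, allowed_sources=frozenset()):
    """Return {(target, source): sorted protocol list} for IPC$ pipe opens
    on coercion-prone interfaces from hosts outside allowed_sources."""
    hits = defaultdict(set)
    for ev in events:
        if ev.get("EventID") != 5145:
            continue  # only detailed file share audit events carry the pipe name
        if not ev.get("ShareName", "").upper().endswith("IPC$"):
            continue  # named pipes are opened through the IPC$ share
        pipe = ev.get("RelativeTargetName", "").strip("\\").lower()
        proto = COERCION_PIPES.get(pipe)
        if proto is None or ev.get("IpAddress") in allowed_sources:
            continue
        hits[(ev["Computer"], ev["IpAddress"])].add(proto)
    return {key: sorted(protos) for key, protos in hits.items()}

# Constructed sample events (documentation address range, invented hosts).
SAMPLE_EVENTS = [
    {"EventID": 5145, "Computer": "dc01.example.test", "IpAddress": "192.0.2.50",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "FssagentRpc"},
    {"EventID": 5145, "Computer": "dc01.example.test", "IpAddress": "192.0.2.50",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "netdfs"},
    {"EventID": 5145, "Computer": "dc01.example.test", "IpAddress": "192.0.2.10",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "spoolss"},   # print admin host
    {"EventID": 5145, "Computer": "fs01.example.test", "IpAddress": "192.0.2.50",
     "ShareName": r"\\*\SYSVOL", "RelativeTargetName": "netdfs"},  # not IPC$
    {"EventID": 4624, "Computer": "dc01.example.test", "IpAddress": "192.0.2.50"},
]

if __name__ == "__main__":
    found = find_coercion_candidates(SAMPLE_EVENTS, allowed_sources={"192.0.2.10"})
    for (target, src), protos in found.items():
        print(f"{src} -> {target}: {', '.join(protos)}")
```

A single source touching several of these pipes on a domain controller or certificate server in a short window is the pattern worth alerting on; a lone spoolss open from a print management host usually is not.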