As part of this month's Patch Tuesday,
Microsoft has released security patches for a serious privilege
escalation vulnerability which affect all versions of its Windows
operating system for enterprises released since 2007.
Researchers at behavioral firewall specialist Preempt discovered two
zero-day vulnerabilities in Windows NTLM security protocols, both of
which allow attackers to create a new domain administrator account and
get control of the entire domain.
NT LAN Manager (NTLM) is an old authentication protocol used on networks
that include systems running the Windows operating system and
stand-alone systems.
Although NTLM was replaced by Kerberos in Windows 2000 that adds greater
security to systems on a network, NTLM is still supported by Microsoft
and continues to be used widely.
The first vulnerability involves unprotected Lightweight Directory
Access Protocol (LDAP) from NTLM relay, and the second impact Remote
Desktop Protocol (RDP) Restricted-Admin mode
