• Micropatching the “PrinterBug/SpoolSample”

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Micropatching the “PrinterBug/SpoolSample”

    Author
    Topic
    #2457323

    0Patch comes through again, this time on a no CVE 0-day:

    https://blog.0patch.com/

    “Forced authentication issues (including NTLM relaying and Kerberos relaying) are a silent elephant in the room in Windows networks, where an attacker inside the network can force a chosen computer in the same network to perform authentication over the network such that the attacker can intercept its request. In the process, the attacker obtains some user’s or computer account’s credentials and can then use these to perform actions with the ‘borrowed’ identity.”

    “Alas, Microsoft’s position seems to be not to fix forced authentication issues unless an attack can be mounted anonymously; their fix for PetitPotam confirms that – they only addressed the anonymous attack vector. In other words:

    “If any domain user in a typical enterprise network should decide to become domain administrator, no official patch will be made available to prevent them from doing so.”

    ——

    “Hmm! Velly intelesting…”

    Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
    --
    "Sure I had a plan; Everybody's got a plan until you get hit in the teeth."

    -A Very Famous Boxer

    1 user thanked author for this post.
    Reply To: Micropatching the “PrinterBug/SpoolSample”

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: