ISSUE

Updated Mitigation section - 16-3-2023 14:00

Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows. We strongly recommend all customers update Microsoft Outlook for Windows to remain secure.

All Outlook clients are affected; please patch the clients A.S.A.P.

The following mitigating factors may be helpful in your situation:

Add users to the Protected Users Security Group, which prevents the use of NTLM as an authentication mechanism. Performing this mitigation makes troubleshooting easier than other methods of disabling NTLM. Consider using it for high value accounts such as Domain Admins when possible. Please note: This may cause impact to applications that require NTLM, however the settings will revert once the user is removed from the Protected Users Group. Please see Protected Users Security Group for more information.

Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.

The guidance below provides an additional mitigation which can reduce the risk of WebDAV-based attacks until the updated versions can be applied.

Customers can disable the WebClient service running on their organization's machines, similar to our recommendation of blocking TCP/445 traffic. **NOTE:** This will block all WebDAV connections including intranet which may impact your users or applications.
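A read-only audit of the three mitigations above on a domain-joined Windows host, added here as an example and not taken from the Microsoft guidance. It assumes the ActiveDirectory (RSAT) and NetSecurity modules are available and checks only the local Windows firewall, not a perimeter firewall or VPN policy.

```powershell
# Added example: report the state of each mitigation. Run elevated.
Import-Module ActiveDirectory

# 1. Domain Admins that are not yet members of Protected Users.
$protected = Get-ADGroupMember -Identity 'Protected Users' -Recursive |
    Select-Object -ExpandProperty SamAccountName
$unprotected = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -notin $protected }

# 2. Enabled local firewall rules that block outbound TCP 445.
#    Only an exact '445' remote port is matched; port ranges are not expanded.
$smbBlock = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and $pf.RemotePort -contains '445'
    }

# 3. WebClient (WebDAV) service state; the service may not be installed at all.
$webClient = Get-Service -Name WebClient -ErrorAction SilentlyContinue

[pscustomobject]@{
    DomainAdminsOutsideProtectedUsers = ($unprotected.SamAccountName -join ', ')
    OutboundSmbBlockRulePresent       = [bool]$smbBlock
    WebClientStatus                   = if ($webClient) { $webClient.Status } else { 'NotInstalled' }
    WebClientStartType                = if ($webClient) { $webClient.StartType } else { 'n/a' }
}

# Remediation is commented out so the script stays read-only by default.
# Add-ADGroupMember -Identity 'Protected Users' -Members $unprotected
# Stop-Service -Name WebClient -Force
# Set-Service  -Name WebClient -StartupType Disabled
# The rule below blocks ALL outbound TCP 445 from this host, internal shares
# included; scope it with -RemoteAddress to match your network before use.
# New-NetFirewallRule -DisplayName 'Block outbound SMB (TCP 445)' `
#     -Direction Outbound -Protocol TCP -RemotePort 445 -Action Block
```

An empty `DomainAdminsOutsideProtectedUsers` field means every Domain Admin user is already covered; test Protected Users membership on a pilot account first, since it disables NTLM for that account.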