CVE-2017-8563

Published: 11/07/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 455
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability".

Vulnerable Product

microsoft windows 7

microsoft windows server 2008

microsoft windows server 2012 r2

microsoft windows 10 -

microsoft windows 10 1511

microsoft windows 10 1607

microsoft windows 10 1703

microsoft windows server 2008 r2

microsoft windows rt 8.1

microsoft windows server 2016

microsoft windows 8.1

microsoft windows server 2012 -

Github Repositories

C# Port of LdapRelayScan

C# LDAP Relay Scan: SharLdapRealyScan is a tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication, and it's a C# port of LdapRelayScan. If you're interested in WHY I developed this, check out the relative blog post. If you're interested in the specifics of the error-based enumeration, see the explanation below. For

Get logs with ID 2889

logsps1: Get logs with ID 2889. \logsps1 (nameFile) (begin) (end). nameFile: output file name without csv extension. \logsps1 (nameFile): logs are obtained from the previous day at 6 AM. \logsps1 (nameFile) all: get all logs. e.g.: \logsps1 ad01, \logsps1 ad01 all. Note 1: must be executed on the DC that previously enabled the capture of events 2889. The file must always be n

Check for LDAP protections regarding the relay of NTLM authentication

LDAP Relay Scan: A tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication. If you're interested in the specifics of the error-based enumeration, see below. For details regarding what can be done when you identify a lack of LDAP protections, see the references section. Summary: There are a couple server-side protections when at

Recent Articles

Ghost of NTLM still haunts Microsoft: Aged protocol hole patched
The Register • Thomas Claburn in San Francisco • 11 Jul 2017

Authentication system gets fixed up today to limp onward

Computer security biz Preempt warned last October that Microsoft NT LAN Manager (NTLM) should be avoided. On Tuesday, it plans to support its assessment by going public with details of two vulnerabilities. NTLM is an old authentication protocol. Though it was replaced by Kerberos in Windows 2000, Microsoft has not removed the code and it continues to be used. As Preempt describes it, NTLM has weak encryption, weak nonces, no multi-factor authentication, and no mutual authentication, making it su...