A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has shared on Friday. NTLM v2 is used by Microsoft Windows to authenticate users to remote servers via password hashes. Compromised NTLM v2 password hashes can be used in authentication relay attacks or can be brute-forced to reveal the hashed password. Microsoft has recently spelled out its ongoing effort to reduce the use of NTLM and plan to disable it altogether in Windows 11.
Read more: https://www.helpnetsecurity.com/2024/01/22/attackers-steal-ntlm-hashes/