Exploiting Microsoft Access "Linked Table" Feature for NTLM Forced Authentication Attacks

Researchers at Check Point have discovered a method to abuse the "Linked Table" feature in Microsoft Access, allowing attackers to perform NTLM forced authentication attacks. By tricking victims into opening a specially crafted .accdb or .mdb file, the attacker can leak the victim's NTLM tokens to an attacker-controlled server via any TCP port, bypassing firewall rules designed to block NTLM information stealing. NTLM is an outdated authentication protocol with known vulnerabilities, including brute-force attacks, pass-the-hash attacks, and relay attacks. Check Point recommends blocking outbound traffic through ports 139 and 445, disabling macros in MS-Access, and avoiding opening attachments from unsolicited sources to mitigate the risk.
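Because the leak described above can use any TCP port, a check that does not depend on the port is to look for the NTLM message signature in outbound payloads. The sketch below is an added example, not code from Check Point or the original article. It assumes unencrypted per-flow payload bytes are available from a capture or sensor; the function names, the internal address ranges and the sample flows are hypothetical and constructed for illustration.

```python
import ipaddress
import struct

SIG = b"NTLMSSP\x00"  # 8-byte signature that starts every NTLM message
TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def _field(msg, off):
    # Security buffer: length u16, max length u16, offset u32 from message start
    if len(msg) < off + 8:
        return b""
    length, _, start = struct.unpack_from("<HHI", msg, off)
    return msg[start:start + length]

def _account(msg):
    # AUTHENTICATE layout: DomainName fields at 28, UserName at 36, flags at 60
    flags = struct.unpack_from("<I", msg, 60)[0] if len(msg) >= 64 else 1
    enc = "utf-16-le" if flags & 1 else "cp437"  # bit 0 = Unicode; cp437 assumed for OEM
    return "\\".join(_field(msg, o).decode(enc, "replace") for o in (28, 36))

def find_ntlm(payload):
    """Return (message type, DOMAIN\\user or None) for each NTLM message found."""
    found, pos = [], payload.find(SIG)
    while pos != -1:
        msg = payload[pos:]
        if len(msg) >= 12 and (mtype := struct.unpack_from("<I", msg, 8)[0]) in TYPES:
            found.append((TYPES[mtype], _account(msg) if mtype == 3 else None))
        pos = payload.find(SIG, pos + 1)
    return found

def flag_flows(flows, internal=("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")):
    """Alert on NTLM messages sent to non-internal addresses, whatever the port."""
    nets = [ipaddress.ip_network(n) for n in internal]
    return [(ip, port, mtype, acct)
            for ip, port, payload in flows
            if not any(ipaddress.ip_address(ip) in n for n in nets)
            for mtype, acct in find_ntlm(payload)]

def _sample_authenticate(domain, user):
    # Constructed AUTHENTICATE message with empty LM/NT responses (test data only)
    d, u = domain.encode("utf-16-le"), user.encode("utf-16-le")
    msg = SIG + struct.pack("<I", 3) + b"\x00" * 16
    msg += struct.pack("<HHI", len(d), len(d), 64) + struct.pack("<HHI", len(u), len(u), 64 + len(d))
    return msg + b"\x00" * 16 + struct.pack("<I", 1) + d + u

SAMPLE_FLOWS = [  # constructed: (destination IP, destination port, payload bytes)
    ("203.0.113.10", 80, b"\x11\x01" + _sample_authenticate("CORP", "alice")),
    ("10.1.2.3", 445, _sample_authenticate("CORP", "bob")),
    ("198.51.100.7", 443, b"GET / HTTP/1.1\r\n\r\n"),
]
```

Calling `flag_flows(SAMPLE_FLOWS)` reports only the flow to the external address on port 80; the internal SMB flow and the flow without an NTLM message are ignored.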
- Abusing Microsoft Access "Linked Table" Feature to Perform NTLM Forced Authentication Attacks - Check Point Research
- A Hole in the (fire) Wall: Check Point Research reveals technique allowing attackers to bypass Firewall rules designed to stop NTLM credential thefts, and provides protection methods - Check Point Blog