
"Outlook Vulnerability Exposes NTLM Password Hashes to Attackers"
A recently patched vulnerability in Microsoft Outlook allowed attackers to steal users’ NTLM v2 hashes by adding two headers to an email carrying a specially crafted file. While CVE-2023-35636 has been fixed, two additional unpatched vulnerabilities can also be exploited to obtain NTLM v2 hashes. Compromised hashes can be used for authentication relay attacks or offline brute-force attacks, allowing threat actors to access sensitive enterprise systems and resources. Microsoft has outlined plans to reduce the use of NTLM and disable it in Windows 11, but organizations can protect themselves by enabling SMB signing, blocking outgoing NTLM v2 authentication, and enforcing Kerberos authentication.
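
The following PowerShell function is an added example, not code from the article or from Microsoft. It audits a Windows host for the mitigations listed above without changing anything. The function name Get-NtlmExposureAudit is hypothetical, and the example assumes an elevated session on a Windows version that ships the SMB configuration cmdlets.

```powershell
# Added example: read-only audit of the mitigations named in the article.
# Get-NtlmExposureAudit is a hypothetical name; nothing on the host is modified.
function Get-NtlmExposureAudit {
    [CmdletBinding()]
    param()

    # The policy "Network security: Restrict NTLM: Outgoing NTLM traffic to
    # remote servers" is stored in this value:
    #   absent or 0 = allow all, 1 = audit all, 2 = deny all
    $msv   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $value = (Get-ItemProperty -Path $msv -ErrorAction SilentlyContinue).RestrictSendingNTLMTraffic
    if ($null -eq $value) { $value = 0 }
    $label = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }[[int]$value]
    if (-not $label) { $label = "Unknown ($value)" }

    $client = Get-SmbClientConfiguration
    $server = Get-SmbServerConfiguration

    [pscustomobject]@{
        Setting     = 'SMB client requires signing'
        Current     = $client.RequireSecuritySignature
        Compliant   = [bool]$client.RequireSecuritySignature
        Remediation = 'Set-SmbClientConfiguration -RequireSecuritySignature $true'
    }
    [pscustomobject]@{
        Setting     = 'SMB server requires signing'
        Current     = $server.RequireSecuritySignature
        Compliant   = [bool]$server.RequireSecuritySignature
        Remediation = 'Set-SmbServerConfiguration -RequireSecuritySignature $true'
    }
    # With outgoing NTLM denied, Negotiate authentication to remote servers
    # can only succeed through Kerberos, which covers the third mitigation.
    [pscustomobject]@{
        Setting     = 'Outgoing NTLM traffic to remote servers'
        Current     = $label
        Compliant   = ([int]$value -eq 2)
        Remediation = 'Set the policy to "Audit all", review the Microsoft-Windows-NTLM/Operational log, then move to "Deny all"'
    }
}

# Show only the settings that still leave the host able to send NTLM hashes.
Get-NtlmExposureAudit | Where-Object { -not $_.Compliant } | Format-List
```

Moving the outgoing NTLM policy to "Audit all" before "Deny all" shows which remote servers still depend on NTLM, so denying it does not break them unexpectedly.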