Tag

Microsoft Access

All articles tagged with #microsoft access

"Unveiling the Vulnerability: How Hackers Exploit 'Forced Authentication' to Swipe Windows NTLM Tokens"

Originally Published 2 years ago — by The Hacker News

Cybersecurity researchers have discovered a vulnerability called "forced authentication" that allows hackers to steal a Windows user's NT LAN Manager (NTLM) tokens by tricking them into opening a specially crafted Microsoft Access file. By abusing a legitimate feature in Access that allows users to link to external data sources, attackers can leak NTLM tokens to their server, enabling them to launch relay attacks. Microsoft has released mitigations for the issue, and 0patch has provided unofficial fixes for various Office versions. Additionally, Microsoft plans to discontinue NTLM in Windows 11 in favor of Kerberos for enhanced security.

technology cyber-attack-vulnerability cyber-attack-vulnerability cybersecurity forced-authentication microsoft-access relay-attack windows-ntlm-tokens

Exploiting Microsoft Access "Linked Table" Feature for NTLM Forced Authentication Attacks

Originally Published 2 years ago — by Check Point Research

Researchers at Check Point have discovered a method to abuse the "Linked Table" feature in Microsoft Access, allowing attackers to perform NTLM forced authentication attacks. By tricking victims into opening a specially crafted .accdb or .mdb file, the attacker can leak the victim's NTLM tokens to an attacker-controlled server via any TCP port, bypassing firewall rules designed to block NTLM information stealing. NTLM is an outdated authentication protocol with known vulnerabilities, including brute-force attacks, pass-the-hash attacks, and relay attacks. Check Point recommends blocking outbound traffic through ports 139 and 445, disabling macros in MS-Access, and avoiding opening attachments from unsolicited sources to mitigate the risk.

technology cybersecurity cybersecurity forced-authentication-attacks link-tables microsoft-access ntlm port-blocking