"Unveiling the Vulnerability: How Hackers Exploit 'Forced Authentication' to Swipe Windows NTLM Tokens"
Originally Published 2 years ago — by The Hacker News
Cybersecurity researchers have discovered a vulnerability called "forced authentication" that allows hackers to steal a Windows user's NT LAN Manager (NTLM) tokens by tricking them into opening a specially crafted Microsoft Access file. By abusing a legitimate feature in Access that allows users to link to external data sources, attackers can leak NTLM tokens to their server, enabling them to launch relay attacks. Microsoft has released mitigations for the issue, and 0patch has provided unofficial fixes for various Office versions. Additionally, Microsoft plans to discontinue NTLM in Windows 11 in favor of Kerberos for enhanced security.