"Attackers Can Steal NTLM Password Hashes via Calendar Invites"

According to security researcher Dolev Taler, a recently patched vulnerability in Microsoft Outlook that allows attackers to steal users' NTLM v2 hashes can be exploited by adding two headers to an email containing a specially crafted file. NTLM v2, the latest version of the NTLM cryptographic protocol, is used by Microsoft Windows to authenticate users to remote servers through password hashes. Taler and his colleagues from Varonis Threat Labs discovered two new ways attackers can obtain users' NTLM v2 hashes and apply them for offline brute-force or authentication relay attacks. This article continues to discuss how attackers can use stolen NTLM v2 hashes, three ways to grab NTLM v2 hashes, and how to keep these hashes out of attackers' hands.

Help Net Security reports "Attackers Can Steal NTLM Password Hashes via Calendar Invites"

Submitted by grigby1