Beware of Windows NTLM Elevation of Privilege Vulnerability Impacting All Windows Users

CVECVE-2023-21746
CVSScvssV3_1: 7.8
SourceCVE-2023-21746

Microsoft Windows is used widely across both personal and enterprise systems. A new vulnerability has been discovered that could allow attackers to elevate their privileges and take control of vulnerable Windows systems.

The vulnerability, tracked as CVE-2023-21746, exists in how Windows implements NTLM authentication. NTLM is an authentication protocol used commonly within Windows networks. By exploiting how NTLM handles certain authentication requests, an attacker could trick a Windows system into elevating an unauthorized user or process to have higher administrative privileges on the target machine.

This vulnerability is rated 7.8 out of 10 on the CVSS vulnerability scoring system, indicating it is relatively easy to exploit and can have serious impact if successfully exploited. An attacker would not need any special access to try exploiting this vulnerability. All they need is for the target system to be connected to their network.

If you use Windows, here are some steps you should take to protect yourself:

– Ensure your Windows and applications are updated with the latest patches from Microsoft. This vulnerability may already be addressed.
– Be cautious of unknown devices or networks connecting to your Windows PC and do not willingly grant network access or run unfamiliar files/programs from them.
– Use a firewall and antivirus software to block suspicious network traffic and scan for malware regularly.
– Use a strong, unique password for your Windows account and enable additional login security like PIN or biometric if available.

References