You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
ntlmv2
About this tag
NTLMv2 is a legacy Windows authentication protocol that remains a frequent target for security vulnerabilities. Recent Microsoft patches address improper authentication and privilege elevation flaws in NTLM, such as CVE-2025-53778 and CVE-2025-54918, which allow authenticated attackers to elevate privileges over a network. These issues are part of a broader trend of NTLM-related incidents, including zero-day exploits and hash-disclosure weaknesses. Administrators are urged to apply patches promptly and harden authentication configurations to mitigate risks. The tag covers discussions on Patch Tuesday updates, vulnerability disclosures, and best practices for securing NTLMv2 in enterprise environments.
Microsoft’s advisory that an improper authentication vulnerability in Windows NTLM can let an authenticated actor elevate privileges over the network is the latest warning flag in a year already crowded with NTLM-related incidents and active exploitation chains. The vendor entry the user...
Microsoft’s Security Update Guide lists CVE-2025-53778 as an improper authentication vulnerability in the Windows NTLM implementation that can allow an authorized attacker to elevate privileges over a network, and administrators should treat it as a high-priority authentication risk until every...
Microsoft has released its February 2025 Patch Tuesday security updates, addressing a total of 55 vulnerabilities across various Windows products. Among these, 3 are classified as critical, and 4 are zero-day vulnerabilities, with 2 actively exploited in the wild.
Critical Vulnerabilities...
In a sobering announcement on November 12, 2024, Microsoft confirmed the existence of dangerous zero-day vulnerabilities affecting its Task Scheduler and other components across the Windows ecosystem. This revelation comes on the heels of a major Patch Tuesday event, during which Microsoft...
At the end of each year, some folks take a moment to jot down predictions about what the coming year has in store. I, on the other hand, do not do predictions. I am neither prognosticator, seer, fortune teller, prophet, clairvoyant, soothsayer, nor medium; although I have been accused of being a...