SB2019100925 - MitM attack in Microsoft Windows NTLM MIC and NTLMv2 implementations

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019100925

SB2019100925 - MitM attack in Microsoft Windows NTLM MIC and NTLMv2 implementations

Published: October 9, 2019

Security Bulletin ID SB2019100925
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Adjecent network
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2019-1166)

The vulnerability allows a remote attacker to tamper with the NTLM exchange.

The vulnerability exists due to insufficient integrity check for NTLM packets. A remote attacker can modify flags of the NTLM packet without invalidating the signature and bypass the NTLM MIC (Message Integrity Check) protection.


2) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2019-1338)

The vulnerability allows a remote attacker to tamper with the NTLMv2 exchange.

The vulnerability exists due to insufficient integrity check for NTLMv2 packets, when the client is also sending LMv2 responses. A remote attacker with ability to modify NTLM traffic exchange can bypass the NTLMv2 protection and gain the ability to downgrade NTLM security features.


Remediation

Install update from vendor's website.

References