• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Azure Advanced Threat Protection Now Provides Alerts on NTLM Relay Issues

Azure Advanced Threat Protection Now Provides Alerts on NTLM Relay Issues

November 18, 2020
Microsoft To Build New Azure Cloud Data Centers In Greece

Yubico Makes Passwordless Authentication Generally Available for Azure AD Users

March 5, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft makes passwordless push in Azure Active Directory

March 5, 2021
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

Microsoft Power BI Premium Per User pricing is a game changer

March 4, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Releases Azure AD My App and New Risk Detections for Identity Protection into GA

March 4, 2021
8×8 makes raft of updates to platform

BitDam ATP+ protects Office 365 users from unknown threats

March 4, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

Cloud Network Engineer – Associate – ATL

March 3, 2021
Microsoft Outlines How To Set Up Windows Virtual Desktop

What’s New in Tufin Orchestration Suite 21-1

March 3, 2021
Innovative solutions for IT workers at home

BitDam Offers Complete Security for Office 365 Email, OneDrive and Teams With The Introduction of BitDam ATP+

March 2, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft to add new shared channels, encryption for calls, webinar features to Teams

March 2, 2021
Microsoft Declares ‘General Availability’ of Threat Experts Security Service

Mindware Partners with Cibecs to Help Regional Organizations Manage and Protect Distributed Endpoint Devices and Data

March 1, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

Enterprise Key Management Solution Market 2021 Industry Growth Analysis, Future Predictions, SWOT Analysis, By Top Players- EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

March 1, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Intel Calls Silicon ‘Greatest Weapon Against Security Threats’

March 1, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Sunday, March 7, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    Microsoft To Build New Azure Cloud Data Centers In Greece

    Yubico Makes Passwordless Authentication Generally Available for Azure AD Users

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft makes passwordless push in Azure Active Directory

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Microsoft Releases Azure AD My App and New Risk Detections for Identity Protection into GA

    8×8 makes raft of updates to platform

    BitDam ATP+ protects Office 365 users from unknown threats

    Microsoft Outlines How To Set Up Windows Virtual Desktop

    What’s New in Tufin Orchestration Suite 21-1

    Innovative solutions for IT workers at home

    BitDam Offers Complete Security for Office 365 Email, OneDrive and Teams With The Introduction of BitDam ATP+

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Cloud Security in Banking Market Next Big Thing | Major Giants- Sophos, Boxcryptor, Microsoft Azure

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Microsoft Cloud Announces Three New Vertical Cloud Solutions

    Innovative solutions for IT workers at home

    Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

    Innovative solutions for IT workers at home

    What is database encryption?

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

    Microsoft Power BI Premium Per User pricing is a game changer

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Cloud Network Engineer – Associate – ATL

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft to add new shared channels, encryption for calls, webinar features to Teams

    Microsoft Declares ‘General Availability’ of Threat Experts Security Service

    Mindware Partners with Cibecs to Help Regional Organizations Manage and Protect Distributed Endpoint Devices and Data

    Microsoft To Build New Azure Cloud Data Centers In Greece

    Enterprise Key Management Solution Market 2021 Industry Growth Analysis, Future Predictions, SWOT Analysis, By Top Players- EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Intel Calls Silicon ‘Greatest Weapon Against Security Threats’

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Releases Azure Firewall Premium in Public Preview

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

    8×8 makes raft of updates to platform

    Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home Uncategorized

Azure Advanced Threat Protection Now Provides Alerts on NTLM Relay Issues

by AZURE SECURITY NEWS EDITOR
November 18, 2020
in Uncategorized
0
Azure Advanced Threat Protection Now Provides Alerts on NTLM Relay Issues
494
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

Microsoft on Monday touted its Azure Advanced Threat Protection (ATP) service as being capable of alerting organizations when they are subject to NT LAN Manager (NTLM) relay attacks.

The issue recently arose in the context of Exchange Server use. Most versions of the server could be subject to attacks that lead to elevation of privilege by an attacker, as highlighted by recent findings by researchers.

Azure ATP Detection
In response to those findings, the Microsoft Azure ATP team added detections for the use of NTLM version 1, as well as NTLM version 2 when it’s unsigned, which are both deemed insecure due to potential man-in-the-middle methods. NTLM versions 1 and 2 are old “legacy” protocols, but they still may be used by organizations.

“Although NTLMv1 and unsigned NTLMv2 should no longer be in use, our most recent research found that NTLMv1 is still commonly used in about 30-40% of the environments,” explained Tal Maor of the Microsoft Azure ATP team in Microsoft’s announcement.

The protocols might be found in environments using Windows Vista or Windows Server 2008 and earlier Windows versions, he noted. They also can be present in newer Windows systems that have backward compatibility support for NTLM, as well as “processes that implement the authentication mechanism themselves (such as Python modules like ‘Impacket‘),” Maor added. 

The insecurity of these protocols was highlighted in recent months by researchers, who demonstrated new proof-of-concept attacks that led to user impersonation capabilities (up to domain administrator privileges) in environments with Exchange Server.

NTLM version 2, when used with signing, has protections against NTLM relay attack methods. However, the version of NTLM that gets “used in each domain depends on the source computer that initiates the authentication,” Maor said. Consequently, it’s possible to be running newer versions of Active Directory and Windows Server and still be using NTLM version 1 “without realizing it,” he added.  

The decades-old NTLM protocol is used to provide a challenge/response scenario to assure secure network communications. Microsoft still supports NTLM for Windows systems, but Kerberos has long been the preferred security protocol to use instead. Exchange Server becomes problematic in this regard because it has permissions that are too high by default with respect to Active Directory. Researcher Dirk-jan Mollema described getting Exchange Server to authenticate to an attacker “using NTLM over HTTP” and then using an NTLM relay attack to escalate privileges “from any user with a mailbox to Domain Admin.”

Microsoft, in its Security Advisory CVE-2018-8581, has promised to deliver a future cumulative update for the Exchange Server elevation-of-privilege vulnerabilities, as highlighted by US-CERT. Microsoft also issued Security Advisory ADV190007 last week, which described a similar elevation-of-privilege vulnerability.

Other Detection Tools
Given those two advisories, Microsoft Azure ATP users likely will be happy to get the new NTLM warnings. However, organizations wanting that capability will need to have a subscription to the Microsoft 365 E5 licensing bundle, Microsoft’s top-of-the-line offering.

San Francisco-based Preempt Security offers a free Preempt Inspector tool. It can be used to see if an organization is vulnerable to NTLM relay attacks.

In addition, StealthBits Technologies, a Hawthorne, N.J.-based security software company, recently described its solutions that can help with aspects of the NTLM vulnerability. Darin Pendergraft, vice president of product marketing at StealthBits, noted in a blog post that StealthBits can’t address the Exchange Server vulnerability directly, but it does have solutions to ward off the ensuing elevation-of-privilege and impersonation problems. The company offers its StealthAudit product to check the default permissions of Exchange environments in using Active Directory. It has a StealthIntercept product that “can monitor and block DC Sync attacks, stopping that attack vector in its tracks,” he indicated.

Reference: https://redmondmag.com/articles/2019/02/11/azure-atp-ntlm-alerts.aspx

Share198Tweet124Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

Azure Digital Twins now generally available: Create IoT solutions that model the real world

by AZURE SECURITY NEWS EDITOR
December 18, 2020
0

Today, organizations are showing a growing appetite for solutions that provide a deeper understanding of not just assets, but also...

What’s New: Reduce alert noise with Incident settings and alert grouping in Azure Sentinel

by AZURE SECURITY NEWS EDITOR
December 6, 2020
0

This installment is part of a broader series to keep you up to date with the latest features in Azure...

What’s New: Cross Workspace Incident View in Public Preview!

by AZURE SECURITY NEWS EDITOR
December 6, 2020
0

This installment is part of a broader series to keep you up to date with the latest features in Azure...

Microsoft Seriously Beefs Up Security in Windows Server 2019

Get to know cloud IoT services on AWS, Azure and Google Cloud

by AZURE SECURITY NEWS EDITOR
December 6, 2020
0

AWS, Microsoft and Google offer a range of cloud IoT services, as each tries to gain a foothold in this...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
Microsoft To Build New Azure Cloud Data Centers In Greece

Yubico Makes Passwordless Authentication Generally Available for Azure AD Users

March 5, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft makes passwordless push in Azure Active Directory

March 5, 2021
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

Microsoft Power BI Premium Per User pricing is a game changer

March 4, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In