Highlights: Check Point Research (CPR) reveals a technique abusing Microsoft Access’s feature (Part of the Office suite) that might allow attackers to bypass Firewall rules designed to stop NTLM (NetNTLM) credential theft. Attacks against NTLM vary between brute force attacks to Man In the Middle “pass-the-hash” scenarios, all aimed at stealing personal information and impersonating identities and with the firewall bypass capabilities and without any specific protection against the NTLM leakage through non-standard ports, the firewall’s defenses will be unable to protect the user. CPR responsibly disclosed the information to Microsoft, and provides protection and mitigation methods in this blog […]
The post A Hole in the (fire) Wall: Check Point Research reveals technique allowing attackers to bypass Firewall rules designed to stop NTLM credential thefts, and provides protection methods appeared first on Check Point Blog.