#VU21684 Man-in-the-Middle (MitM) attack in Windows and Windows Server
Vulnerability identifier: #VU21684
Vulnerability risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-300
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Windows
Operating systems & Components /
Operating system
Windows Server
Operating systems & Components /
Operating system
Vendor: Microsoft
Description
The vulnerability allows a remote attacker to tamper with the NTLM exchange.
The vulnerability exists due to insufficient integrity check for NTLM packets. A remote attacker can modify flags of the NTLM packet without invalidating the signature and bypass the NTLM MIC (Message Integrity Check) protection.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Windows: 7, 8.1 - 8.1 RT, 10 - 10 1903
Windows Server: 2008 - 2019 1903
External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
