Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

Summary: Cybersecurity researchers have discovered that a misconfiguration in on-premises applications can bypass the Microsoft Group Policy setting designed to disable NT LAN Manager (NTLM) v1 authentication. As a result, organizations may mistakenly believe they are protected against NTLMv1 attacks while remaining exposed because of misconfigured settings. The findings underscore the importance of auditing NTLM authentication and ensuring that systems are properly configured and updated.

Threat Actor: Various threat actors
Victim: Organizations using NTLM

Key points:

  • Misconfiguration in applications can override Group Policy settings meant to disable NTLMv1.
  • NTLMv1 remains widely used despite being deprecated, leading to potential security risks.
  • Organizations should enable audit logs for NTLM authentication and monitor for vulnerable applications.
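
One way to act on the audit-log recommendation above, as an added example that is not from the researchers or the original article: scan exported Security event 4624 (successful logon) records for an LmPackageName of "NTLM V1" and rank the source hosts. The events, account names, hostnames and addresses below are constructed sample data, and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(event_id, user, workstation, ip, lm_package):
    """Build a constructed Security event in the Windows event XML layout."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
        f'<EventData><Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="WorkstationName">{workstation}</Data>'
        f'<Data Name="IpAddress">{ip}</Data>'
        f'<Data Name="LmPackageName">{lm_package}</Data></EventData></Event>'
    )

# Constructed sample data: accounts, hosts and addresses are hypothetical.
SAMPLE_EVENTS = [
    make_event(4624, "svc-legacy", "APP01", "192.0.2.10", "NTLM V1"),
    make_event(4624, "alice", "WKS07", "192.0.2.21", "NTLM V2"),
    make_event(4624, "bob", "WKS09", "192.0.2.22", "-"),  # Kerberos logon
    make_event(4624, "svc-legacy", "APP01", "192.0.2.10", "NTLM V1"),
    make_event(4625, "carol", "WKS11", "192.0.2.23", "NTLM V1"),  # failed logon, skipped
]

def ntlmv1_logons(events_xml):
    """Return (user, workstation, ip) for each successful logon that used NTLMv1."""
    hits = []
    for raw in events_xml:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "4624":
            continue  # this example only counts successful logons
        data = {d.get("Name"): (d.text or "").strip()
                for d in root.iterfind("e:EventData/e:Data", NS)}
        if data.get("LmPackageName", "").upper() == "NTLM V1":
            hits.append((data.get("TargetUserName"),
                         data.get("WorkstationName"),
                         data.get("IpAddress")))
    return hits

def sources_by_count(hits):
    """Rank source hosts so applications still negotiating NTLMv1 stand out."""
    return Counter((ws, ip) for _, ws, ip in hits).most_common()

if __name__ == "__main__":
    for (ws, ip), n in sources_by_count(ntlmv1_logons(SAMPLE_EVENTS)):
        print(f"{n} NTLMv1 logon(s) from {ws} ({ip})")
```

Any hit on a host where Group Policy is supposed to block NTLMv1 points to an application worth reviewing.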

Source: https://thehackernews.com/2025/01/researchers-find-exploit-allowing.html