CERT mailing list archives

Previous By Date Next
Previous By Thread Next

CERT/CC Reports Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks

From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Mon, 28 Jan 2019 20:43:10 -0600
U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:



CERT/CC Reports Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks [ 
https://www.us-cert.gov/ncas/current-activity/2019/01/28/CERTCC-Reports-Microsoft-Exchange-2013-and-Newer-are-Vulnerable
 ] 01/28/2019 08:53 PM EST 
Original release date: January 28, 2019

The CERT Coordination Center (CERT/CC) has released information to address NTLM relay attacks affecting Microsoft 
Exchange 2013 and newer versions. A remote attacker could exploit this vulnerability to take control of an affected 
system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure 
Security Agency (CISA), encourages users and administrators to review CERT/CCs Vulnerability Note VU#465632 [ 
https://www.kb.cert.org/vuls/id/465632/ ] andconsider the listedworkarounds until patches are made available.

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Previous By Date Next
Previous By Thread Next

Current thread: