VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Windows Search URI Vulnerability Exposes Net‑NTLMv2 Hashes — No Patch Available

Уязвимость Windows Search URI раскрывает NTLMv2‑хеши — патча нет

Colleagues, a cybersecurity advisory.

Huntress discovered that search: with crumb=location can trigger an SMB connection to an attacker‑controlled server and disclose Net‑NTLMv2 hashes.

Key points:
- Disclosure occurs when a user clicks a specially crafted link.
- Harvested hashes can be used for relay attacks and privilege escalation.
- Microsoft declined to issue a patch following responsible disclosure.

Recommendations: block outbound SMB (ports 445/139), enable SMB signing, and disable NTLM where feasible.

Why it matters: absence of a fix increases the risk of network compromise.

What additional mitigations are you implementing?

#cybersecurity #Windows #NTLM #SMB

Latest comments

No comments yet.