Home / Companies / Crowdstrike / Blog / Post Details
Content Deep Dive

Active Directory Open to More NTLM Attacks: Drop The MIC 2 (CVE 2019-1166) and Exploiting LMv2 Clients (CVE-2019-1338)

Blog post from Crowdstrike

Post Details
Company
Date Published
Author
Preempt
Word Count
2,783
Company Posts That Month
Language
English
Hacker News Points
-
Post removed?
No
Summary

CrowdStrike's comprehensive exploration of NTLM vulnerabilities highlights the persistent security challenges within Active Directory infrastructures, emphasizing the dangers posed by NTLM relay attacks that exploit message integrity code (MIC) bypasses. The blog details the technical intricacies of two critical vulnerabilities, CVE-2019-1166 and CVE-2019-1338, which allow attackers to circumvent NTLM protections by manipulating authentication flows and exploiting LMv2 clients. Despite modern mitigations like Enhanced Protection for Authentication (EPA) and server signing, the blog underscores that many networks remain vulnerable due to configuration errors or unsupported applications. It calls for robust enforcement of NTLM mitigations, regular patching, and the reduction of NTLM usage to mitigate the risk of full domain compromises. Furthermore, CrowdStrike recommends monitoring NTLM traffic and employing advanced detection techniques to safeguard networks, while acknowledging NTLM's inherent security risks compared to more secure protocols like Kerberos.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Zero Trust 2 1,843 1,331 3 +61333%
AI Agents 1 2,394 1,321 1 -
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.