Microsoft has issued a fix for a Windows Local Security Authority spoofing zero-day vulnerability, which could be abused to force domain controller authentication through the Windows NT LAN Manager protocol, BleepingComputer reports.
Threat actors have already been actively exploiting the flaw, tracked as CVE-2022-26925, which may be a new PetitPotam NTLM relay attack vector. While the vulnerability could only be abused in highly complex man-in-the-middle attacks, it can be leveraged to intercept legitimate authentication requests and escalate privileges, leading to complete domain compromise.
"An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it. [..] This vulnerability affects all servers but domain controllers should be prioritized in terms of applying security updates," said Microsoft, which added that the flaw affects all versions of Windows beginning from Windows 7 and Windows Server 2008.
Kaspersky researchers have discovered three new variants of the Prilex point-of-sale malware that can block NFC-enabled contactless credit card transactions, forcing targets to insert their credit card into the payment terminal and making card data exfiltration easier, reports BleepingComputer.