
ShadowCoerce vulnerability fixed by Microsoft

Microsoft's software updates for this month have silently addressed ShadowCoerce, an NTLM relay vector that threat actors could use to coerce a Windows server into authenticating to an attacker-controlled host and, by relaying that authentication, work toward a full Windows domain takeover, BleepingComputer reports. "MS-FSRVP coercion abuse PoC aka 'ShadowCoerce' was mitigated with CVE-2022-30154, which affected the same component," a Microsoft spokesperson said.

The fix, which closes ShadowCoerce even though the technique itself has not been assigned a CVE ID of its own, was first reported by ACROS Security CEO Mitja Kolsek. Because the change was not called out in the security bulletin, administrators have no entry to check against; the practical guidance is to apply the update that carries the CVE-2022-30154 fix. Security researchers, however, urged Microsoft to be more transparent about the fixes its updates include.

"It would be nice if MS were more open about this. I find it unbelievable that in many ways MS is more secretive about security now than in the 'bad old days' unless they can throw a marketing spin on it. Material security changes should be clearly documented in security bulletins," Google Project Zero security researcher James Forshaw said in a tweet.
