Number: AV19-115
Date: 12 June 2019
Microsoft has released security updates to address multiple vulnerabilities, including 21 critical vulnerabilities, affecting some Microsoft products. Of note are two vulnerabilities in Microsoft’s NT LAN Manager (NTLM) authentication protocol that affect all versions of Windows. In the first vulnerability, researchers were able to bypass several security features of the protocol to allow an actor to relay NTLM authentication requests to any computer on the domain, allowing for remote code execution in the context of the signed NTLM session. This flaw could prove to be especially dangerous if the actor were able to relay the authentication of a privileged user. The second vulnerability allows an actor to relay NTLM messages to secure web (TLS) sessions. An actor could leverage this flaw to authenticate to online Microsoft services such as Outlook Web Access, in the context of the relayed NTLM session.
CCCS encourages users and administrators to review the Microsoft June 2019 Security Updates webpage and apply the necessary updates:
Note to Readers
The Canadian Centre for Cyber Security (Cyber Centre) operates as part of the Communications Security Establishment. We are Canada’s national authority on cyber security and we lead the government’s response to cyber security events. As Canada's national computer security incident response team, the Cyber Centre works in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to prepare for, respond to, mitigate, and recover from cyber events. We do this by providing authoritative advice and support, and coordinating information sharing and incident response. The Cyber Centre is outward-facing, welcoming partnerships that help build a stronger, more resilient cyber space in Canada.