23 Nov, 2024

Exploit released for new Windows Server “WinReg” NTLM Relay attack

Proof-of-concept exploit code is now public for a vulnerability in Microsoft’s Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process. The vulnerability is tracked as CVE-2024-43532 and takes advantage of a fallback mechanism in the Windows Registry (WinReg) client implementation that relies on old transport protocols […]

2 mins read