Microsoft has confirmed that, as part of the June 2022 updates, it fixed a previously disclosed ‘ShadowCoerce’ vulnerability that enabled attackers to target Windows servers in NTLM relay attacks.
This NTLM relay attack method can be used by threat actors to force unpatched servers to authenticate against servers under the attacker’s control, leading to a takeover of the Windows domain.
As BleepingComputer was told by a Microsoft spokesperson, while there was no public announcement made regarding this issue, the “MS-FSRVP coercion abuse PoC aka ‘ShadowCoerce’ was mitigated with CVE-2022-30154, which affected the same component.”
While it is good that Microsoft has fixed this vulnerability, it has not yet provided any details publicly and has yet to assign a CVE ID.
It would be nice if MS were more open about this. I find unbelievable that in many ways MS is more secretive about security now than in the “bad old days” unless they can throw a marketing spin on it. Material security changes should be clearly documented in security bulletins.
— James Forshaw (@tiraniddo) July 4, 2022
Roy Miehe | MspPortal Partners Inc. | Ceo/President