CVE-2023-21746

Name of the Vulnerable Software and Affected Versions Windows versions prior to the January 2023 Patch Tuesday

Description The issue is related to the implementation of the NT LAN Manager (NTLM) protocol in Windows operating systems, which is associated with insufficient access restrictions. Exploitation of this issue may allow an attacker to bypass security restrictions and elevate their privileges. The vulnerability allows for arbitrary file read/write and elevation of privilege. It is a type of NTLM reflection attack that targets local authentication.

Recommendations As a temporary workaround, consider disabling the NTLM protocol until a patch is available. Restrict access to the vulnerable NTLM service to minimize the risk of exploitation. Apply the January 2023 Patch Tuesday updates to resolve the issue. If you are running a version of Windows that is not patched, avoid using the NTLM protocol for authentication.