back to article Ghost of NTLM still haunts Microsoft: Aged protocol hole patched

Computer security biz Preempt warned last October that Microsoft NT LAN Manager (NTLM) should be avoided. On Tuesday, it plans to support its assessment by going public with details of two vulnerabilities. NTLM is an old authentication protocol. Though it was replaced by Kerberos in Windows 2000, Microsoft has not removed the …

  1. Anonymous South African Coward Bronze badge
    Facepalm

    How deep do the rabbit hole actually go?

    1. Voland's right hand Silver badge

      There is an exact description

      How deep do the rabbit hole actually go?

      I suggest you take Lewis Carrol off the shelf. It is very well covered in Alice in Wonderland.

    2. Anonymous Coward
      Anonymous Coward

      It depends on the type of soil, the softer the soil the deeper they go so there's no real definitive answer.

      You need to be a bit more specific in your questioning.

      1. H H

        It's very hard to dig tunnels in soft soil. Just saying.

        1. Anonymous Coward
          Anonymous Coward

          @H H

          What about silts? Peats I agree though.

          I could rabbit on about soil all day.

    3. Dan 55 Silver badge

      I bet it there's still LAN Manager code buried in there somewhere...

    4. Mark 85

      How deep do the rabbit hole actually go?

      All the way... after all, this is MS.

    5. Adam 1

      Is the rabbit European or African?

      1. WolfFan

        Is the rabbit European or African?

        Australian.

    6. WolfFan

      <iHow deep do the rabbit hole actually go?</i>

      Contact Nick Wilde. I'm sure he knows how deep Judy's rabbit hole goes...

      http://freshfiction.tv/wp-content/uploads/2016/03/flex_tablet_zootopia_selfie_c781d089.jpeg

      (Yes, it's SFW. Trust me, there are lots and lots and lots of NSFW Nick & Judy images out there. Google is your friend. And some people are very, very, very sick. Worse than me, and that's going a long way...)

  2. Chemical Bob

    dismissed the RDP flaw by telling Preempt it represents "a known issue."

    MS is at least acknowledging the issue which is better than IBM did many a year ago when I reported a bug in the way OS/2 v4 handled the microphone volume when running Windows 3.1 programs (yes, kids, IBM's agreement with MS let them include support for Windows 3.1 programs). IBM's response was that they were not going to do anything about it as it was not a known or unknown bug.

    1. asdf
      Trollface

      Re: dismissed the RDP flaw by telling Preempt it represents "a known issue."

      OS/2 v4, IBM, Microsoft, NTLM. Wow remember when those names were relevant. Blast from the past.

  3. Anonymous Coward
    Anonymous Coward

    " weak nonces, "

    Well, they'll never survive on A wing.

    Sorry, couldn't resist.

  4. Sven Coenye
    WTF?

    An attacker with SYSTEM privileges

    Did someone forget to change the 'sa' password again?!

    Me thinks if you have server where someone managed to gain local $DEITY privs, your problems may go deeper than the NTLM hole.

  5. Anonymous Coward
    Anonymous Coward

    "NTLM is risky and should be used with caution..." Thank you for this understatement!!! Haven't had such a good laugh in a long time.

  6. Anonymous Coward
    Anonymous Coward

    Talking about old stuff in Windows. I have Windows 10, and that still has moricons.dll in the system32 folder - I remember seeing that in WfW 3.11!

    Think I change my Office icons to the MS-DOS versions

  7. phuzz Silver badge
    Gimp

    Might have been handy to add this link to the article:

    Using security policies to restrict NTLM traffic.

    And if I wanted some downvotes, I'd point out that it's not possible to completely disable NTLM in Samba yet...

    1. Jeremy Allison

      Samba not vulnerable

      We fixed this with the "badlock" patchset already. We also notified Microsoft about this issue at the same time, but it looks like the fix took a while to filter through the system.

  8. John Smith 19 Gold badge
    Unhappy

    I've sometimes wondered what proportion of MS patches and advice to customers is really...

    a) Switch box off and on again.

    b) Script that disables / re-configures settings. IE not new code at all.

    c) Fixes a botched implementation of some packet handling protocol. IE something that's fully documented for all parameters and values of those parameters.

    My instinct is quite a lot, but I'll bet it would be extraordinarily difficult to collect the data needed to confirm my suspicion.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like