To stop pass-the-hash, NTLM relay, or password-cracking threats, Microsoft implemented a new security feature to Windows 11 that allows administrators to restrict NTLM over SMB.
This will alter the conventional method in which Windows SPNEGO would power Kerberos and NTLM (i.e., LM, NTLM, and NTLMv2) authentication discussions with destination servers.
Windows will attempt to negotiate authentication with the remote computer by executing an NTLM challenge response when connecting to a remote SMB share. However, the logged-in user’s hashed password will be included in the NTLM challenge answer and can be obtained by the server hosting the SMB share read more New Windows 11 feature blocks NTLM-based attacks over SMB.
Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.