CVE-2024-38030

Меры по смягчению последствий

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation:

• Systems that have disabled NTLM are not affected.

• Apply the existing group policy to block NTLM hash. With this policy enabled, this issue for a remote SMB location client or server can be mitigated. To enable the policy: Select Computer Configuration > Windows Settings > ** Security Settings** > Local Policies > Security Options. On the right pane, double-click the Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers policy per the options listed below in the Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers documentation.

References:

• For customers running Windows Server 2008 or 2008 R2: Introducing the Restriction of NTLM Authentication
• For customers running Windows 7 or 2008 R2: NTLM Blocking and You
• For customers running Windows 10 or 11: Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.