Microsoft Windows NTLM Spoofing Vulnerability

A spoofing vulnerability has been identified in Windows NTLM, allowing an unauthorized attacker to manipulate file names or paths and perform spoofing locally. This issue affects multiple Windows products and versions, including various editions of Windows Server, Windows 10, and Windows 11. The vulnerability arises from external control of file names or paths, which can be exploited by sending a malicious Office file to a user and convincing them to open it.

Impact

Exploitation of this vulnerability could lead to unauthorized spoofing actions within the affected NTLM implementation.

Remediation

Users can apply the security update for this vulnerability, which is available through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles linked in the product-specific update guidance.