[German]In mid-January 2023 month, I had pointed out a local NTLM authentication vulnerability (CVE-2023-21746) in my German blog post Nach RemotePotato0 kommt die Windows Local Potato NTLM-Schwachstelle (CVE-2023-21746). The two security researchers Andrea Pierini &anAntonio Cocomazzi refer to this as LocalPotator, but had not disclosed details at the time. Now the security researcher has disclosed the details of this vulnerability within the article LocalPotato – When Swapping The Context Leads You To SYSTEM. Microsoft has already patched this vulnerability with the January 2023 updates for Windows.
Advertising
