In the security advisory that was last updated on Saturday, Microsoft gave the feature “Exploitation is Less Possible”, which explains in part as follows: “Microsoft’s analysis showed that even if exploit code could be created, an attacker would have difficulty creating the code. , requiring expertise and/or complex time, and/or various effects when targeted at the affected product. In addition, Microsoft has not seen this type of vulnerability widely exploited in the wild. This makes it less visible to attackers.”
On the other hand, Mitre, says in his analysis that the chances of exploitation from the exposure of NTLM hashes are high, and that the disclosure of information is possible in different ways, the most important of which is “the code that controls the resources that contain sensitive information on purpose.” , but resources were made available unintentionally.”
The analysis notes that sensitive information may include personal information such as health records, business secrets and intellectual property, network status and configuration, and “system status and environment, such as the operating system and installed packages.”
Source link