Netwrix, a cybersecurity vendor that makes data security easy, today announced the discovery of a zero-day vulnerability in Netwrix Account Lockout Examiner freeware. All users of Netwrix Account Lockout Examiner 4.1 or earlier should consider immediately upgrading to version 5.1 or higher in order to avoid falling victim to this vulnerability.
According to research by Optiv, an attacker can force an account used to run Account Lockout Examiner to authenticate to a system that the attacker controls, enabling them to capture the associated NTLMv1/v2 challenge-response and gain the Domain Admin credentials used to run Account Lockout Examiner. For more details about this possible attack scenario, read the full Optiv article.
This vulnerability was discovered by Optiv security consultants Robert Surace and Daniel Min while performing a security assessment of Netwrix Lockout Examiner, and Optiv reported it to Netwrix.
For more information about mitigating the vulnerability, please visit the FAQ page: https://www.netwrix.com/faq_ale_vulnerability.html
To download Account Lockout Examiner 5.1 for free, please visit: https://www.netwrix.com/account_lockout_examiner.html
Netwrix makes data security easy thereby simplifying how professionals can control sensitive, regulated and business-critical data, regardless of where it resides. More than 10,000 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers.
Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.
For more information, visit www.netwrix.com.
Your questions and feedback are always welcome. Please dial our toll-free number: 888 - 638 - 9749, or enter your question details here and we will reply as soon as possible.
Erin Jones, Avista PR for Netwrix
Phone: 704 - 664 - 2170