Microsoft secretly fixes ShadowCoerce Bug

Microsoft fixes ShadowCoerce Windows NTLM Relay Bug Secretly

Cybercriminals have attacked Windows Server with the help of NTLM relay. Taking note of this, Microsoft has reported that a Tuesday update in June 2022 fixed the previously revealed ShadowCoerce vulnerability. Attackers use this type of attack to force authentication and take over the Windows domain.


According to a forum called Bleeping Computer, a representative of Microsoft has revealed that no public disclosure of any kind has been made about this bug so far. However, the risks posed by the PoC of the same name, 'ShadowCoerce', which abuses the affected component, were reduced by the patch for the CVE-2022-30154 vulnerability.

French researcher Gilles Lionel discovered and described the ShadowCoerce problem in detail in 2021, and also disclosed information about the PetitPotam vulnerability. According to experts, this attack only allowed forced authentication through MS-FSRVP, i.e. the File Server Remote VSS Protocol, on systems with the File Server VSS Agent Service enabled.

Mitja Kolsek, the CEO of ACROS Security, noticed that ShadowCoerce had been silently patched while he was investigating the issue with the 0patch team in order to release an unofficial patch. From all this, it is clear that Microsoft has fixed the whole issue but has still not disclosed anything about it, nor assigned any kind of CVE identifier to the vulnerability.

The careful way Microsoft solved this problem is commendable, but it is regrettable that the company has not yet given the general public any information about it or assigned it a CVE ID. Although the public should be fully aware of this, it is not such a big issue because the company solved the problem very quickly.

Researchers and independent security companies have therefore urged Microsoft to include more detailed information about improvements in its security bulletins and to be more transparent. Transparency is very important in everything because it keeps people's trust. We will be eagerly waiting to hear what you think in the comments.

About the author

Christopher Edwards

Hey, this is Chris. I am a malware researcher and security analyst. I love to find out about new threats and viruses, and I started this website to teach people how to stay safe online. You will get all the latest malware removal tips and tricks here. You can also ask about any virus-related problem in the comment section or through our contact page.