Microsoft release whitepaper on “Pass-the-Hash” mitigation techniques

Microsoft has recently published a whitepaper titled “Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques” and containing guidance and advice to mitigate against such techniques.

The top three mitigations presented are:

- restricting and protecting high privileged domain accounts

- restricting and protecting local accounts with administrative privileges

- restricting inbound traffic using Windows Firewall

The full paper is available from Microsoft’s Security Blog.