July 15, IDG News Service – (International) Critical design flaw in Microsoft’s Active Directory could allow password change. Researchers with Aorato identified a flaw within Microsoft’s Active Directory which could allow attackers to change a victim’s password and use the new password to access a company’s network and enterprise functions. The vulnerability relies on the older NTLM authentication protocol to perform a “pass-the-hash” attack to gain access. Source: Critical design flaw in Microsoft's Active Directory could allow password change | PCWorld