As part of the Microsoft Patch Tuesday, the tech giant fixed two critical flaws in Windows NTLM Security Protocol. The vulnerabilities could be exploited by attackers to create a new domain administrator account and take over the target domain. The NT LAN Manager (NTLM) is an ancient authentication protocol, despite it was replaced by Kerberos in Windows 2000, it is still supported by Microsoft and it is used by many organizations. Microsoft has released patches for 55 security vulnerabilities, including 19 critical issues, in its products, including Edge, Internet Explorer, Windows and Office Services and Web Apps.”]
Source: https://securityaffairs.co/wordpress/60935/hacking/ntlm-zero-days.html