Microsoft’s July 2017 Patch Tuesday includes a fix for an issue with the NT LAN Manager (NTLM) Authentication Protocol that can be exploited to allow attackers to create admin accounts on a local network’s domain controller. The Preempt attack is tracked as CVE-2017-8563, and Microsoft issues patches via the following KB articles. Microsoft said this was a known issue, but did not release a fix. Researchers also discovered a variation of this attack that works for RDP connections to infected computers.
Source: https://www.bleepingcomputer.com/news/security/ntlm-relay-attacks-still-causing-problems-in-2017/