[jcifs] NTLM HTTP broken by Microsoft Security Update ?
Jim Davidson
jdavidson at acm.org
Fri Apr 24 21:55:36 GMT 2009
This was alluded to in an earlier posting, but it sort of got lost in the
thread.
Microsoft just released a cumulative security update for Internet Explorer,
MS09-014. We have installed it, and it seems to break jCIFS NTLM HTTP
authentication.
The failure occurs in the last step, SmbSession.logon(). The relevant
information from the SmbAuthException is:
0xC0000022: jcifs.smb.SmbAuthException: Access is denied.
An earlier clue is that type1.getSuppliedDomain() returns null, but that
occurs in other cases.
Does this appear to be related to the update? The problem does not happen
in non-updated installations of IE.
The Microsoft docs talk about blocking "NTLM credential reflection attacks":
<http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx>
Does this mean that the technique used in the current NTLM HTTP filter has
reached the end of its life? :-( Or maybe the failure was just
coincidental... Or maybe there's some magical re-configuration that I can
do to make things work again?
Is anyone else seeing this? Thanks for any help.
-Jim
More information about the jcifs
mailing list