
Pass the Hash on Windows 8.1 - lelf
http://samsclass.info/lulz/pth-8.1.htm
======
mdisraeli
Whilst this interesting, I feel the need to channel Raymond Chen (of
[http://blogs.msdn.com/b/oldnewthing/)and](http://blogs.msdn.com/b/oldnewthing/\)and)
say "if you disable security features, _you have disabled security features,
don 't be surprised when it is now less secure_".

In this case there still is an issue that should really be addressed, but that
will be why it probably isn't ranked high on the to-address list

------
Fake4d
[https://twitter.com/markrussinovich/status/43768318205430579...](https://twitter.com/markrussinovich/status/437683182054305792)

Here is a Tweet from Mark Russinovich to this topic! I asked him bout that!

------
vezzy-fnord
The thread on /r/netsec offers some clarification:
[http://www.reddit.com/r/netsec/comments/1ypdo1/sorry_microso...](http://www.reddit.com/r/netsec/comments/1ypdo1/sorry_microsoft_pass_the_hash_on_windows_81_still/)

Ostensibly, the vulnerability is necessary to maintain functionality.
Something to do with the particular Kerberos implementation and backwards
compatibility. They've made it more difficult to get to the point where you
can attack, however.

