Security Alerts

Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens

Cybersecurity researchers have identified a case of "forced authentication" that can be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens. Attackers can trick a victim into opening a specially crafted Microsoft Access file that abuses a legitimate feature: linking tables to external data sources. When the victim opens the .accdb or .mdb file, the linked table causes the victim's NTLM tokens to be leaked automatically to an attacker-controlled server. The attack relies on embedding an .accdb file with a remote SQL Server database link inside an MS Word document, using Object Linking and Embedding (OLE). Microsoft has released mitigations, and 0patch has issued unofficial fixes for various Office versions. Microsoft is planning to discontinue NTLM in Windows 11 in favor of Kerberos for enhanced security.
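
A defender-side triage check for the linked-table abuse described above, added here as an example and not taken from the article or the researchers: it flags .accdb/.mdb bytes that contain an ODBC connection string naming a non-local server. The function names and sample bytes are constructed, and it assumes the connection string is stored in the file as readable ASCII or UTF-16LE text.

```python
import re
import sys

# Heuristic triage, not an Access format parser. Assumption: a linked table's
# ODBC connection string is readable in the file as ASCII or UTF-16LE text
# (this will not hold for an encrypted database).
_CONNECT = re.compile(rb"ODBC;[\x20-\x7e]{0,400}", re.I)
_SERVER = re.compile(r"\b(?:SERVER|ADDR(?:ESS)?)\s*=\s*([^;]+)", re.I)
_LOCAL = {"", ".", "(local)", "localhost", "127.0.0.1", "::1"}


def _views(data):
    """Yield the raw bytes, then both UTF-16LE alignments folded to one byte per char."""
    yield data
    for offset in (0, 1):
        lo, hi = data[offset::2], data[offset + 1::2]
        yield bytes(c if h == 0 else 0 for c, h in zip(lo, hi))


def _host(value):
    """Strip a protocol prefix, port and instance name from a SERVER= value."""
    value = re.sub(r"^(?:tcp|np|lpc):", "", value.strip(), flags=re.I)
    return re.split(r"[,\\]", value)[0].strip().lower()


def remote_links(data):
    """Return sorted (host, connection string) pairs whose server is not the local machine."""
    hits = set()
    for view in _views(data):
        for match in _CONNECT.finditer(view):
            conn = match.group().decode("ascii")
            for server in _SERVER.finditer(conn):
                host = _host(server.group(1))
                if host not in _LOCAL:
                    hits.add((host, conn))
    return sorted(hits)


# Constructed sample bytes standing in for fragments of an .accdb file.
SAMPLE = (
    b"\x00\x01junk"
    + "ODBC;DRIVER=SQL Server;SERVER=db.example.test;DATABASE=hr".encode("utf-16-le")
    + b"\x00\x00\x07ODBC;DSN=payroll;SERVER=(local);\x00"
)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for host, conn in remote_links(fh.read()):
                print(f"{path}: linked table points at {host}: {conn}")
```

A hit is a reason to inspect the file in a sandbox, not proof of abuse, since linking to a remote SQL Server is also a legitimate use of Access.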

Link

https://thehackernews.com/2023/11/hackers-can-exploit-forced.html?m=1