Mitigating "Pass the Hash"...

Microsoft's Trustworthy Computing (TWC) has just published a whitepaper, Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques, of which I am a co-author.  It discusses PtH attacks against Windows operating systems, how the attack is performed, and recommends mitigations for PtH attacks and similar credential theft attacks.  You can download it from the link on this TWC blog post.