Security News > 2021 > July > Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC
Microsoft was quick to respond with a fix to an attack dubbed "PetitPotam" that could force remote Windows systems to reveal password hashes that could then be easily cracked.
The PetitPotam PoC is a form of manipulator-in-the-middle attack against Microsoft's NTLM authentication system.
According to Lionel, this similar scenario can be played out with a PetitPotam attack.
He demonstrated how a PetitPotam attack can be chained to an exploit targeting Windows Active Directory Certificate Services, which provides public key infrastructure functionality.
"To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication or signing features such as SMB signing," wrote Microsoft.
Microsoft also added that companies are vulnerable to a PetitPotam attack if NTLM authentication is enabled in their domains and/or they're using AD CS with the services "Certificate Authority Web Enrollment" and "Certificate Enrollment Web Service."
News URL
https://threatpost.com/microsoft-petitpotam-poc/168163/
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)