Microsoft Shares More Information on Protecting Systems Against PetitPotam Attacks (July 2021)

Microsoft has shared more information on how organizations can protect Windows domain controllers and other Windows servers against potential PetitPotam attacks.
PetitPotam is the name assigned to a vulnerability that can be exploited by an unauthenticated attacker to get a targeted server to connect to an arbitrary server and perform NTLM authentication.
A proof-of-concept exploitation tool was made available last week for PetitPotam by France-based security researcher Lionel Gilles, and the SANS Institute's Internet Storm Center has published a step-by-step description of the attack.
Microsoft published an advisory in response to the findings, describing PetitPotam as a "Classic NTLM Relay Attack" and pointing to previously provided mitigations.
The company's advisory confirms that information on PetitPotam is publicly available, but says it has not been exploited in attacks.
In a blog post published on Thursday, cybersecurity firm Malwarebytes described the PetitPotam attack and noted that it will be difficult to patch "without breaking stuff" because it abuses legitimate functionality.