Security News > 2021 > July > Microsoft Shares More Information on Protecting Systems Against PetitPotam Attacks

Microsoft has shared more information on how organizations can protect Windows domain controllers and other Windows servers against potential PetitPotam attacks.
PetitPotam is the name assigned to a vulnerability that can be exploited by an unauthenticated attacker to get a targeted server to connect to an arbitrary server and perform NTLM authentication.
A proof-of-concept exploitation tool was made available last week for PetitPotam by France-based security researcher Lionel Gilles, and the SANS Institute's Internet Storm Center has published a step-by-step description of the attack.
Microsoft published an advisory in response to the findings, describing PetitPotam as a "Classic NTLM Relay Attack" and pointing to previously provided mitigations.
The company's advisory confirms that information on PetitPotam is publicly available, but says it has not been exploited in attacks.
In a blog post published on Thursday, cybersecurity firm Malwarebytes described the PetitPotam attack and noted that it will be difficult to patch "without breaking stuff" because it abuses legitimate functionality.