Windows security update blocks PetitPotam NTLM relay attacks (Security News, August 2021)
Microsoft has released security updates that block the PetitPotam NTLM relay attack that allows a threat actor to take over a Windows domain.
This NTLM relay attack allows the threat actor to take over the domain controller, and thus the Windows domain.
In July, Microsoft released a security advisory explaining how to mitigate NTLM relay attacks targeting Active Directory Certificate Services.
As part of the August 2021 Patch Tuesday updates, Microsoft has released a security update that blocks the PetitPotam vector, so that it can no longer be used to force a domain controller to authenticate against another server.
"The EFS API OpenEncryptedFileRaw(A/W), often used in backup software, continues to work in all versions of Windows, except when backing up to or from a system running Windows Server 2008 SP2. OpenEncryptedFileRaw will no longer work on Windows Server 2008 SP2," warns Microsoft.
If your backup software no longer works after installing this update on Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1 and later, Microsoft suggests you contact your backup software developer to get an updated version.