Windows security update blocks PetitPotam NTLM relay attacks (Security News, August 2021)
Microsoft has released security updates that block the PetitPotam NTLM relay attack, which allows a threat actor to take over a Windows domain.
PetitPotam abuses the MS-EFSRPC interface (the EfsRpcOpenFileRaw call) to coerce a domain controller into authenticating to an attacker-controlled host. The domain controller's NTLM authentication is then relayed to Active Directory Certificate Services (AD CS) web enrollment to obtain a certificate for the domain controller's machine account, which gives the attacker control of the domain controller, and thus of the Windows domain.
In July, Microsoft released a security advisory explaining how to mitigate NTLM relay attacks targeting Active Directory Certificate Services.
As part of the August 2021 Patch Tuesday updates, Microsoft has released a security update (tracked as CVE-2021-36942) that blocks the PetitPotam vector, so the EFS RPC interface can no longer be used to force a domain controller to authenticate to another server. The update addresses the coercion vector only; the AD CS hardening from the July advisory is still needed to stop NTLM relay through other coercion methods.
"The EFS API OpenEncryptedFileRaw(A/W), often used in backup software, continues to work in all versions of Windows, except when backing up to or from a system running Windows Server 2008 SP2. OpenEncryptedFileRaw will no longer work on Windows Server 2008 SP2," warns Microsoft.
If your backup software no longer works after installing this update on Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1 and later, Microsoft suggests you contact your backup software developer to get an updated version.
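The article refers to two layers of defence: the July advisory's AD CS hardening (Microsoft's KB5005413: require Extended Protection for Authentication and TLS on the enrollment web applications, or remove NTLM as an IIS authentication provider) and the August update that closes the coercion vector. The following PowerShell script is an added example, not code from the article or from Microsoft, that audits an AD CS web enrollment host for those settings. It assumes the AD CS applications live under "Default Web Site" (the `$Site` variable, an assumption) and that the WebAdministration module is available on the host.

```powershell
# Added example (not from the article): audit an AD CS web enrollment server
# for the NTLM relay mitigations from Microsoft's July 2021 advisory (KB5005413)
# and report whether an August 2021 or later update is installed.
#Requires -RunAsAdministrator
Import-Module WebAdministration -ErrorAction Stop

# Assumption: AD CS web applications are hosted under this IIS site.
$Site = 'Default Web Site'

# Get-WebConfigurationProperty returns either a raw value or a
# ConfigurationAttribute with a .Value member, depending on the attribute type.
function Get-IisProp([string]$PSPath, [string]$Filter, [string]$Name) {
    $v = Get-WebConfigurationProperty -PSPath $PSPath -Filter $Filter -Name $Name
    if ($null -ne $v -and $v.PSObject.Properties['Value']) { return $v.Value }
    return $v
}

# CertSrv is the classic web enrollment page; CES/CEP applications carry
# "_CES_" / "_CEP_" in their path when the enrollment web services are installed.
$AdcsApps = @('CertSrv') + (Get-WebApplication -Site $Site |
    Where-Object { $_.path -match '_CES_|_CEP_' } |
    ForEach-Object { $_.path.TrimStart('/') })

$winAuth = 'system.webServer/security/authentication/windowsAuthentication'

$findings = foreach ($app in $AdcsApps) {
    $psPath = "IIS:\Sites\$Site\$app"
    if (-not (Test-Path $psPath)) { continue }

    # Extended Protection: "Require" binds the NTLM exchange to the TLS channel,
    # so a relayed authentication from another host fails the channel-binding check.
    $epa = [string](Get-IisProp $psPath "$winAuth/extendedProtection" 'tokenChecking')

    # EPA only helps when the client must use TLS to reach the application.
    $sslFlags = [string](Get-IisProp $psPath 'system.webServer/security/access' 'sslFlags')
    $sslRequired = $sslFlags -match '\bSsl\b'

    # Authentication providers: "NTLM" and plain "Negotiate" (which can fall back
    # to NTLM) allow relay; "Negotiate:Kerberos" is Kerberos only.
    $providers = Get-WebConfigurationProperty -PSPath $psPath -Filter "$winAuth/providers" -Name Collection |
        ForEach-Object { $_.value }
    $ntlmPossible = [bool]($providers | Where-Object { $_ -in @('NTLM', 'Negotiate') })

    [pscustomobject]@{
        Application   = $app
        EpaTokenCheck = $epa
        SslRequired   = $sslRequired
        Providers     = ($providers -join ', ')
        NtlmPossible  = $ntlmPossible
        Mitigated     = (($epa -eq 'Require') -and $sslRequired) -or (-not $ntlmPossible)
    }
}

$findings | Format-Table -AutoSize

# Host-wide NTLM restriction (Network security: Restrict NTLM: Incoming NTLM traffic).
# 0 = allow all, 1 = deny domain accounts, 2 = deny all accounts.
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -ErrorAction SilentlyContinue
$incoming = if ($null -ne $lsa.RestrictReceivingNTLMTraffic) { $lsa.RestrictReceivingNTLMTraffic } else { 0 }
"Incoming NTLM restriction (RestrictReceivingNTLMTraffic): $incoming"

# Coercion vector: the August 2021 cumulative update (CVE-2021-36942) or later
# must be present. Hotfix KB numbers differ per OS build, so check by install date.
$patchDate = Get-Date '2021-08-10'
$recent = Get-HotFix | Where-Object { $_.InstalledOn -ge $patchDate } | Sort-Object InstalledOn -Descending
if ($recent) {
    "Most recent update installed after August 2021 Patch Tuesday: $($recent[0].HotFixID) ($($recent[0].InstalledOn.ToShortDateString()))"
} else {
    'WARNING: no update installed on or after 2021-08-10; the PetitPotam coercion vector is likely still open.'
}
```

Run it on each AD CS server hosting web enrollment or the enrollment web services. An application shows `Mitigated = True` only when Extended Protection is set to Require on a TLS-only application or when no NTLM-capable provider remains; the hotfix date check is a coarse indicator, since the exact KB number for the August 2021 update depends on the Windows build, and a more recent cumulative update supersedes it.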