Windows security update blocks PetitPotam NTLM relay attacks

Microsoft has released security updates that block the PetitPotam NTLM relay attack, which allows a threat actor to take over the domain controller, and thus the Windows domain.
In July, Microsoft released a security advisory explaining how to mitigate NTLM relay attacks targeting Active Directory Certificate Services.
As part of the August 2021 Patch Tuesday updates, Microsoft has released a security update that blocks the PetitPotam vector, so it cannot force a domain controller to authenticate against another server.
"The EFS API OpenEncryptedFileRaw(A/W), often used in backup software, continues to work in all versions of Windows, except when backing up to or from a system running Windows Server 2008 SP2. OpenEncryptedFileRaw will no longer work on Windows Server 2008 SP2," warns Microsoft.
If your backup software no longer works after installing this update on Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1 and later, Microsoft suggests you contact your backup software developer to get an updated version.