Windows 'RemotePotato0' zero-day gets an unofficial patch (Security News, January 2022)
A privilege escalation vulnerability impacting all Windows versions that can let threat actors gain domain admin privileges through an NTLM relay attack has received unofficial patches after Microsoft tagged it as "Won't fix."
Kerberos has superseded NTLM as the default authentication protocol for domain-joined devices on Windows 2000 and later.
Despite this, NTLM remains in use on Windows servers, allowing attackers to exploit vulnerabilities such as RemotePotato0, which is designed to bypass NTLM relay attack mitigations.
Microsoft told the researchers that Windows admins should either disable NTLM or configure their servers to block NTLM relay attacks using Active Directory Certificate Services.
The researchers "Hope that MS reconsider their decision not to fix this serious vulnerability" since RemotePotato0 can be exploited without requiring the target's interaction by relaying authentication to other protocols, unlike similar NTLM relay attack techniques using bugs like CVE-2020-1113 and CVE-2021-1678.
The unofficial patches for RemotePotato0 are available for all Windows versions from Windows 7 to the latest Windows 10 version and from Windows Server 2008 to Windows Server 2019.
Related news
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-12 | CVE-2021-1678 | Unspecified vulnerability in Microsoft products: Windows Print Spooler Spoofing Vulnerability | 8.8 |
| 2020-05-21 | CVE-2020-1113 | Improper Certificate Validation vulnerability in Microsoft products: a security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability' | 9.3 |