Security News > 2022 > January > Windows 'RemotePotato0' zero-day gets an unofficial patch
A privilege escalation vulnerability impacting all Windows versions that can let threat actors gain domain admin privileges through an NTLM relay attack has received unofficial patches after Microsoft tagged it as "Won't fix."
Kerberos has superseded NTLM, the current default auth protocol for domain-connected devices for all Windows 2000 and later.
Despite this, NTLM is still in use on Windows servers, allowing attackers to exploit vulnerabilities like RemotePotato0 designed to bypass NTLM relay attack mitigations.
Microsoft told the researchers that Windows admins should either disable NTLM or configure their servers to block NTLM relay attacks using Active Directory Certificate Services.
The researchers "Hope that MS reconsider their decision not to fix this serious vulnerability" since RemotePotato0 can be exploited without requiring the target's interaction by relaying authentication to other protocols, unlike similar NTLM relay attack techniques using bugs like CVE-2020-1113 and CVE-2021-1678.
The unofficial patches for RemotePotato0 are available for all Windows versions from Windows 7 to the latest Windows 10 version and from Windows Server 2008 to Windows Server 2019.
News URL
Related news
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-12 | CVE-2021-1678 | Unspecified vulnerability in Microsoft products Windows Print Spooler Spoofing Vulnerability | 0.0 |
2020-05-21 | CVE-2020-1113 | Improper Certificate Validation vulnerability in Microsoft products A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'. | 7.5 |