Microsoft fixes new PetitPotam Windows NTLM Relay attack vector
A recent security update for a Windows NTLM Relay Attack has been confirmed to fix a previously unpatched vector for the PetitPotam attack.
While Microsoft did not share too many details about the bug, they stated that the fix affected the EFS API OpenEncryptedFileRaw(A/W) function, which indicated that this might be another unpatched vector for the PetitPotam attack.
PetitPotam is an NTLM Relay Attack tracked as CVE-2021-36942 that French security researcher GILLES Lionel, aka Topotam, discovered in July.
BleepingComputer has since confirmed that the recently fixed NTLM Relay Attack bug does fix an unpatched vector for the PetitPotam attack.
Raphael John, whom Microsoft credits with the discovery of the new NTLM Relay vulnerability, says that he found PetitPotam was still working when conducting pentests in January and March.
As new PetitPotam vectors and other NTLM Relay attacks will be discovered in the future, Microsoft suggests that Windows domain admins become familiar with the mitigations outlined in their 'Mitigating NTLM Relay Attacks on Active Directory Certificate Services' support document.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-12 | CVE-2021-36942 | Unspecified vulnerability in Microsoft products Windows LSA Spoofing Vulnerability | 7.5 |