Security News

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
2021-07-26 22:19

A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. Specifically, the attack enables a domain controller to authenticate against a remote NTLM relay under a bad actor's control using the MS-EFSRPC interface and share its authentication information.

You, too, can be a Windows domain controller and do whatever you like, with this one weird WONTFIX trick
2021-07-26 20:31

Specifically, security researcher Gilles Lionel found it was possible to use MS-EFSRPC to force a device, including a Windows domain controller, to authenticate with a remote attacker-controlled NTLM relay. "PetitPotam takes advantage of servers," said Microsoft, "where the Active Directory Certificate Services is not configured with protections for NTLM Relay Attacks."

Windows “PetitPotam” network attack – how to protect against it
2021-07-26 18:10

The hack, which he has dubbed PetitPotam, involves what's known as an NTLM relay attack, which is a form of manipulator-in-the-middle attack against Microsoft's NTLM authentication system. Microsoft has been advising everyone to avoid NTLM, short for NT LAN Manager, for more than a decade, because it doesn't meet modern cryptographic security standards.

Enterprises Warned of New PetitPotam Attack Exposing Windows Domains
2021-07-26 11:14

Enterprises have been warned of a new attack method that can be used by malicious actors to take complete control of a Windows domain. An unauthenticated attacker can use PetitPotam to get a targeted server to connect to their server and perform NTLM authentication.

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability
2021-07-26 04:21

Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability - SeriousSAM - allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash attack.

A closer look at Windows 11’s recent changes
2021-07-25 21:48

Windows 11 was officially announced last month with a redesigned Start, taskbar and Action Center experience. At the moment, Windows 11 is available to testers in the Dev Channel of the Insider program.

Week in review: HiveNightmare on Windows 10, Kaseya obtains REvil decryptor
2021-07-25 08:56

Kaseya obtains universal REvil decryptor: There's finally some good news for the MSPs and their customers that have been hit by the REvil ransomware gang via compromised Kaseya VSA software: a universal decryptor has been made available to affected organizations.
Easily exploitable, unpatched Windows privilege escalation flaw revealed: A researcher has unearthed an easily exploitable vulnerability in Windows 10 that may allow local non-administrative users to gain administrative-level privileges.

Microsoft’s fix for Windows 10 gaming issues is coming soon
2021-07-24 20:53

With the release of Windows 10's March 2021 updates and subsequent updates, some users have been experiencing performance issues when playing games. These gaming issues include decreased frame rate, stuttering in certain games, and flickering textures.

Windows 10 July security updates break printing on some systems
2021-07-24 14:00

Microsoft says customers may experience printing and scanning issues on devices using smart card authentication after installing July 2021 Windows 10 security updates on a domain controller. Windows 10 users who encounter this issue are advised to first check if they have the latest drivers and firmware installed on the non-compliant and misbehaving printing or scanning devices.

New PetitPotam attack allows take over of Windows domains
2021-07-23 20:54

A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. If this attack is successful, the attacker could take over the domain controller and perform any command they wish, effectively taking over the Windows domain.