Security News
Microsoft has released the optional KB5004296 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1. This update fixes Windows 10 gaming issues that have been plaguing users since March. Windows users can install this update by going into Settings, clicking on Windows Update, and selecting 'Check for Updates.
Microsoft today announced that Windows 11 is getting more stable and closer to release, with the latest Insider build being promoted to the Beta Channel. "If you are in the Dev Channel, now would be the right time to consider switching to the Beta Channel if you want to stay on more stabilized builds of Windows 11," the Windows Insider team said.
A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. After ransomware topics were banned on hacking forums [1, 2], LockBit began promoting the new LockBit 2.0 ransomware-as-a-service operation on their data leak site.
A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. After ransomware topics were banned on hacking forums [1, 2], LockBit began promoting the new LockBit 2.0 ransomware-as-a-service operation on their data leak site.
Microsoft has released a cumulative out-of-band update to fix a known printing issue preventing some printers and scanners from working correctly. "Noncompliant printers, scanners, and multifunction devices might not work when you use smart card authentication. This issue occurs after you install the July 13, 2021 update on domain controllers in your environment."
To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller. Microsoft is sounding an alert about a threat against Windows domain controllers that would allow attackers to capture NTLM credentials and certificates.
A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. Specifically, the attack enables a domain controller to authenticate against a remote NTLM under a bad actor's control using the MS-EFSRPC interface and share its authentication information.
Specifically, security researcher Gilles Lionel found it was possible to use MS-EFSRPC to force a device, including Windows domain controllers, to authenticate with a remote attacker-controlled NTLM relay. "PetitPotam takes advantage of servers," said Microsoft, "Where the Active Directory Certificate Services is not configured with protections for NTLM Relay Attacks."
The hack, which he has dubbed PetitPotam, involves what's known as an NTLM relay attack, which is a form of manipulator-in-the-middle attack against Microsoft's NTLM authentication system. Microsoft has been advising everyone to avoid NTLM, short for NT LAN Manager, for more than a decade, because it doesn't meet modern cryptographic security standards.
Enterprises have been warned of a new attack method that can be used by malicious actors to take complete control of a Windows domain. An unauthenticated attacker can use PetitPotam to get a targeted server to connect to their server and perform NTLM authentication.