Microsoft

New PetitPotam Attack Hits Windows Domains

A team of security researchers from France has discovered an unrecoverable vulnerability that affects Windows domain controllers and other Windows servers. Microsoft has already published a workaround to mitigate the vulnerability.

A research team from France published a proof-of-concept that shows how vulnerable the domain controller is. It’s about a so-called NTLM relay attack called PetitPotam. This enables threat actors to take over a domain controller and thus an entire Windows domain. After the takeover, an attacker could execute any command and thus effectively take over the Windows domain.

NTLM is a protocol introduced by Microsoft around 30 years ago. Although it has long been known that this protocol has numerous design problems and thus security weaknesses, it is still widely used. There are several steps involved in an NTLM relay attack that exploit the design problems of the protocol. This is exactly what has happened now.

In a conversation with BleepingComputer about the new relay attack method, one of the security researchers said that he does not see the attacks as a security flaw in the strict sense: “In my opinion, this is not a vulnerability, but an abuse of a legitimate function.” The researcher emphasizes that the only way to defuse this technique is to disable NTLM authentication or to enable protection mechanisms such as SMB signing or LDAP signing. The vulnerability cannot be remedied and is activated by default in all Windows environments.

Taking advantage of attenuation

Microsoft has therefore already acted quickly. The security team has published instructions and explanations. It states, “Microsoft is aware of PetitPotam, which can potentially be used to attack Windows domain controllers or other Windows servers. PetitPotam is a classic NTLM relay attack, and Microsoft has seen many of these attacks before Mitigation options to protect customers are documented. “

Windows Server versions from 2008 to 2019 are affected. Users should use Microsoft’s instructions to protect themselves. 

Share
Published by
Yasir Zeb

Recent Posts

Google Health: A bug is currently really annoying Pixel Watch users

An annoying software error is currently plaguing many owners of the Google Pixel Watch. The…

6 hours ago

Pixel Watch 5: Leak shows the design of the new Google smartwatch in advance

After the new Google smartphones in the Pixel 11 series, official marketing images of the…

6 hours ago

Epson is in court: first lawsuit over planned obsolescence

A French consumer protection association is taking Epson to court. The accusation is of planned…

6 hours ago

EU brings Meta to its knees: ChatGPT is running again in WhatsApp chat

After a months-long exclusion by the Facebook group Meta, the well-known AI chatbot ChatGPT has…

6 hours ago

Good news for Windows 11: Microsoft is banning advertising from search

Microsoft is fundamentally redesigning the search in Windows 11. The operating system loses advertising, forced…

6 hours ago

iOS 27 public beta is here: Apple starts the test phase for all iPhone users

Interested users can now install the first public beta version of iOS 27 on their…

6 hours ago