Home » Technology » Microsoft » Windows Security Update Patches PetitPotam Vulnerability

Windows Security Update Patches PetitPotam Vulnerability

PetitPotam Vulnerability

Microsoft also released a security update as part of Patch Day that closes the PetitPotam vulnerability that became known in July. The vulnerability affects Windows domain controllers and other Windows servers.

A research team from France had shown the susceptibility of the domain controller in July with a proof-of-concept. It’s about a so-called NTLM relay attack, which they named PetitPotam. Threat actors can take over a domain controller and thus an entire Windows domain if they exploit the vulnerability because an attacker can execute any command after the takeover and thus effectively take over the Windows domain. Windows Server versions from 2008 to 2019 are affected.

Microsoft blocks PetitPotam vector

NTLM is a protocol introduced by Microsoft around 30 years ago. Although this protocol has long been known to have numerous design problems and therefore security weaknesses, it is still widely used. As part of the patch day updates for August 2021, Microsoft released a security update that blocks the PetitPotam vector (CVE-2021-36942) so that it cannot force a domain controller to authenticate to another server. In the explanation it says:

“An unauthenticated attacker could call a method on the LSARPC interface and force the domain controller to authenticate itself to another server with NTLM (CVE-2021-36942). This security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW via the LSARPC interface. “

Microsoft warns that installing this update could affect backup software: “The EFS API OpenEncryptedFileRaw (A / W), which is widely used in backup software, continues to work in all versions of Windows (local and remote) except when backing up to or from a system with Windows Server 2008 SP2. OpenEncryptedFileRaw will no longer work on Windows Server 2008 SP2 “.

According to Microsoft, the providers of backup software are working with them on a solution. The developers will release updates to the backup software as soon as possible.