CATEGORIES
home News

Microsoft Outlines Optimum Defense Against PetitPotam Windows Server NTLM Relay Attack

by Nathan OrdMonday, July 26, 2021, 03:10 PM EDT
french security researcher discovers vulnerability that could lead to a network takeover
Hackers and threat actors are constantly searching for new ways to breach systems for cybersecurity research or exploitation, respectively. Thankfully, French researcher Gilles Lionel got to an NTLM Relay Attack, dubbed PetitPotam, first. Now, Microsoft has released a mitigation technique that IT admins should implement to remain secure.

Last week, information about PetitPotam was posted to GitHub by French cybersecurity researcher Gilles Lionel. Lionel found that, through a tool he made, it was possible “to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.” In layman’s terms, an attacker could use the program to extract NTLM authentication credentials and certificates from a remote Windows server and then take over.

In a recent security advisory, Microsoft explains that “PetitPotam is a classic NTLM Relay Attack, and such attacks have been previously documented by Microsoft along with numerous mitigation options to protect customers.” These mitigation tactics include disabling NTLM on any Active Directory Certificate Services (AD CS) servers through group policy and disabling NTLM for Internet Information Services (IIS) on AD CS Servers on the domain. This can be done by following the tutorial Microsoft provided in the advisory.

As it stands, PetitPotam has not been found in the wild, but that could change rather quickly as word of the attack vector spreads. Other security researchers around the web have indicated how bad this vulnerability is for security, which should be heeded as a warning. Hopefully, a proper fix will come out before this takes off, so stay tuned to HotHardware for updates.
Tags:  Microsoft, security, vulnerability, exploit, breach, cybersecurity, (nasdaq:msft)
Nathan Ord

Nathan Ord

Nathan Ord is a tech nerd through and through.  Following any technology, from home and business applications to VR, anything is up his alley.  Starting out as the family repair guy and local "tech expert" for those around him, he helped out wherever he could.  Nathan came aboard HotHardware in 2020 and continuously enjoys what he does.  In his free time, he enjoys volunteering, playing video games, and just relaxing with friends. 
Opinions and content posted by HotHardware contributors are their own.
TOP STORIES
Which New GPU Is For You?
More Results
KEEP INFORMED

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2026 Hot Hardware Inc, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment