Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

This nasty Microsoft attack could let hackers hijack entire Windows servers

Image Description

A newly-uncovered security flaw in Windows can be exploited by attackers to completely take over a Windows domain, experts have said.

The vulnerability, dubbed PetitPotam, coerces remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing adversaries to stage a Windows NT LAN Manager (NTLM) relay attack.

“PetitPotam is a classic NTLM Relay Attack, and such attacks have been previously documented by Microsoft along with numerous mitigation options to protect customers,” read Microsoft’s advisory on the issue.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window

PetitPotam was discovered by cybersecurity researcher Gilles Lionel, who shared proof of concept (PoC) code, along with technical details of the flaw.

Incomplete mitigation?

Microsoft’s advisory suggests that all users who use Active Directory Certificate Services (AD CS) with either the Certificate Authority Web Enrollment service or the Certificate Enrollment Web Service are potentially vulnerable to PetitPotam.

The vulnerability, Microsoft argues, takes advantage of servers where AD CS is not configured with protections for NTLM Relay Attacks.

“To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication (EPA) or signing features such as SMB signing,” suggests Microsoft’s advisory. 

However, the researcher doesn’t think Microsoft’s mitigations fully address the issue. 

In a conversation with BleepingComputer, Lionel argues that PetitPotam is about abusing the EfsRpcOpenFileRaw function of the MS-EFSRPC API to pass on authentication requests.

And while Microsoft's advisory mitigates NTLM relay attacks, he says that it does not address the abuse of the MS-EFSRPC API, which would need a security update.

Via BleepingComputer

Date

26 Jul 2021

Sources


Share


Other Blog

  • Amazon's early Black Friday laptop deals are some of the best we've seen

    Amazon Black Friday deals are now live, even though we've still got a few weeks to go until Black Friday itself – which is on November 26 – but judging by some of these brilliant deals, we're certainly not complaining.

    Amazon has cut the prices of a range of excellent laptops, mainly from Asus, including a huge £300 off the Asus ZenBook 14, a stylish thin and light that's a great alternative to Apple's MacBook devices.

    Several affordable VivoBook laptops have also had price cuts, as have some Asus ROG Strix gaming laptops as well.

    There are some non-Asus laptops with price cuts as well, but they're not quite as impressive. However, we're sure to see more Black Friday laptop deals from Amazon and other retailers as the month continues.

    We've picked the best laptop offers from Amazon's early Black Friday deals below.

    (Not in the UK? Scroll down for deals in your region).

    Today's best Amazon Black Friday laptop deals

    Amazon's best laptop deal

    Asus ZenBook 14, Intel Core i5, 16GB RAM, 512GB SSD: £999.99 £699.99 at Amazon
    This stunning thin and light laptop from Asus doesn't just look great, it's powerful as well thanks to an 11th gen Intel Core i5 CPU and 16GB of RAM, all for £300 off.

    Asus ZenBook 14, Intel Core i7, 16GB RAM, 512GB SSD: £1,149.99 £849.99 at Amazon
    Save £300 off this model of the ZenBook 14, which comes with a more powerful 11th generation Intel Core i7 CPU compared to the i5 model above.

    Asus Vivobook with OLED screen, Ryzen 5, 8GB RAM, 512GB SSD: £699.99. £639.99 at Amazon
    This affordable laptop comes with an absolutely stunning OLED screen, which makes it ideal for photographers and video editors, as well as anyone who wants a thin and light laptop for watching movies on, all for £60 off.

    Asus ROG Strix G513QM, Ryzen 9, RTX 3060, 16GB RAM: £1,599.99. £1,399.99 at Amazon
    Save £200 off this excellent gaming laptop with an Nvidia RTX 3060, which is a good GPU for playing games at medium to high settings. The 300Hz screen is fast and responsive, and the AMD Ryzen 9-5900HX is a powerful CPU.

    Huawei MateBook D 14, Intel Core i5, 8GB RAM, 512GB SSD: £749.99. £529.99 at Amazon
    Here's a great Amazon Black Friday laptop deal for a laptop that's not made by Asus. Save £220 on this thin and stylish laptop with decent specs and an Apple-like design,

    All of these Black Friday laptop deals from Amazon run for 10 days, which means they end on November 18

    That means that these 'Black Friday' deals actually expire well before Black Friday itself! While that may seem similar to buying mince pies so early they expire well before Christmas, these laptop deals are particularly impressive, so you may want to take advantage of them while they're live.

    It also means that Amazon surely has even more laptop deals lined up for Black Friday, which is a very exciting prospect indeed.

    More laptop deals

    Here are some great laptop offers available in your region:

    More Black Friday deals

    Read More
  • Reimagining the physical office and its connectivity needs

    Like everything, our offices are fast changing following the pandemic - but how?

    Read More
  • This Black Friday PC gaming deal cuts more than half off this Alienware monitor

    The Alienware 25 AW2518HF is a speedy little monitor, supporting up to 240 fps, and right now you can get it for just $249 on Black Friday.

    Read More
  • Google backs down on controversial Chrome feature

    Google is giving up on its experiment to only show domains in Chrome after first testing out the feature last year.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us