Microsoft publishes mitigations for the PetitPotam attack


Microsoft has released mitigations for the recently discovered PetitPotam NTLM attack that could allow attackers to take over a domain controller.

A few days ago, security researcher Gilles Lionel (aka Topotam) has discovered a vulnerability in the Windows operating system that allows an attacker to force remote Windows machines to authenticate and share their password hashes with him.

The attack abuses the Encrypting File System Remote (EFSRPC) protocol, which is used to perform maintenance and management operations on encrypted data that is stored remotely and accessed over a network.

Read more…