Microsoft Releases Guidance for Mitigating PetitPotam Attack

Microsoft has published guidance for mitigating “PetitPotam,” which is described as a classic NTLM Relay Attack that exploits a security flaw in the Windows operating system. If successfully exploited, it forces remote Windows servers to authenticate with an attacker and share NTLM authentication details or authentication certificates. The attack is designed to be used inside large corporate networks and could lead to the complete takeover of a company’s internal network. Microsoft recommends disabling NTLM authentication on a Windows domain controller as the preferred and simplest mitigation. For entities that are unable to disable NTLM for compatibility reasons, it provides other mitigations they can apply. In its advisory on the issue, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrations to review Microsoft’s guidance and apply the necessary mitigations. Read more at The Record.