1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This nasty Microsoft attack could let hackers hijack entire Windo

    From TechnologyDaily@1337:1/100 to All on Mon Jul 26 11:15:03 2021
    This nasty Microsoft attack could let hackers hijack entire Windows servers

    Date:
    Mon, 26 Jul 2021 09:59:50 +0000

    Description:
    It isnt the first NTLM relay attack, argues Microsoft.

    FULL STORY ======================================================================

    A newly-uncovered security flaw in Windows can be exploited by attackers to completely take over a Windows domain, experts have said.

    The vulnerability, dubbed PetitPotam , coerces remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing adversaries to stage a Windows NT LAN Manager (NTLM) relay attack.

    PetitPotam is a classic NTLM Relay Attack, and such attacks have been previously documented by Microsoft along with numerous mitigation options to protect customers, read Microsofts advisory on the issue. TechRadar needs
    you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

    Click here to start the survey in a new window << These are the best endpoint protection tools Check our list of the best firewall apps and services Heres our recommendations of the best DNS services

    PetitPotam was discovered by cybersecurity researcher Gilles Lionel, who shared proof of concept (PoC) code, along with technical details of the flaw. Incomplete mitigation?

    Microsofts advisory suggests that all users who use Active Directory Certificate Services (AD CS) with either the Certificate Authority Web Enrollment service or the Certificate Enrollment Web Service are potentially vulnerable to PetitPotam.

    The vulnerability, Microsoft argues, takes advantage of servers where AD CS
    is not configured with protections for NTLM Relay Attacks.

    To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication (EPA) or signing features such as SMB signing, suggests Microsofts advisory.

    However, the researcher doesnt think Microsofts mitigations fully address the issue.

    In a conversation with BleepingComputer , Lionel argues that PetitPotam is about abusing the EfsRpcOpenFileRaw function of the MS-EFSRPC API to pass on authentication requests.

    And while Microsoft's advisory mitigates NTLM relay attacks, he says that it does not address the abuse of the MS-EFSRPC API, which would need a security update. Protect your devices with these best antivirus software

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-nasty-microsoft-attack-could-let-hackers-h ijack-entire-windows-servers/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)