Connect with us

Hi, what are you looking for?

Tech & Science

Microsoft’s PetitPotam vulnerability enables access to servers

A new type of NTLM relay attack called PetiPotam poses a threat to Windows systems’ security. It can ultimately lead to hackers taking over Windows domains.

Photo: © AFP/File FARSHAD USYAN
Photo: © AFP/File FARSHAD USYAN

Business leaders have bene notified of a new attack method, one that can be exploited by malicious actors to take complete control of a Windows domain. This is a proof-of-concept exploitation tool named PetitPotam.

Microsoft have stated that an unauthenticated hacker can take advantage of PetitPotam to use a targeted server to connect to their server and perform NTLM authentication.

In terms of the overall technical detail, PetitPotam functions by tapping into Microsoft’s Encrypting File System Remote Protocol (MS-EFSRPC) in order to trick one Windows host into authenticating to another over LSARPC on TCP port 445. Dangerously, this gateway means that a malicious actor can do anything they want to within a Windows domain, including launching a cyberattack, such as ransomware.

In response to Microsoft’s recently disclosed PetitPotam vulnerability, security expert Anurag Kahol, CTO and cofounder of Bitglass, explains to Digital Journal what the core implications are for the business world.

Kahol places the recent incident in the context of some Microsoft stutters, noting: “PetitPotam follows two other critical Windows security flaws that were disclosed in the past month. With this particular vulnerability, attackers can obtain authentication certificates or password hashes and completely take over an organization’s network.”

The implications are serious, notes Kahol: “If exploited, the aftermath of such an attack can be highly disastrous for an enterprise, highlighting how proactive security measures are critical in these scenarios.”

The incident presents wider lessons for industry, Kahol suggests: “Enterprises must move away from using the same vendor for both their infrastructure and security needs, and instead implement third-party security solutions that can prevent attackers from operating without restrictions.”

As an example of a suitable proactive response, Kahol recommends: “With a secure access service edge (SASE), enterprises can extend consistent security to all enterprise resources and replace various fragmented solutions that must be managed and updated separately.”

He concludes by stating: “It’s time organizations break free from their single vendor infrastructure and leverage security solutions that deliver comprehensive threat protection.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

The crypto crash brought devastation for small investors and bankruptcy for many companies.

Business

Japan's economy expanded in the three months to June, official data showed Monday.

Business

Asian markets mostly rose Monday as investors took heart from signs of cooling US inflation.

Entertainment

It has been dubbed the most expensive show ever made, but producers of Amazon's "The Lord of the Rings: The Rings of Power."