After false starts this August both by themselves and Microsoft with patches released for the PetitPotam bug not covering all attack vectors, security vendor 0Patch has released free fixes that address the vulnerability.
While they blocked anonymous users from being able to exploit the PetitPotam bug, neither Microsoft's offical fix released this month nor the earlier 0Patch micropatch handled attacks by authenticated users.
A new set of free micropatches from 0Patch handle both anonymous and authenticated user attacks however.
Micropatches are available for Windows Server 2008 R2, 2021 R2, 2016 and 2019.
They require Microsoft's August PetitPotam fix to be installed on servers.
The United States Computer Emergency Response Team's Coordination Centre (CERT-CC) considers the PetitPotam attack a serious vulnerability that can be used from domain-joined computers to take over an entire Active Directory.
Microsoft says it is aware of PetitPotam, but says it is a classic NTLM Relay Attack, with similar ones being documented in the past with mitigations published.
Proof of concept code for PetitPotam (Little Hippo) has been published on Github by topotam, the security researcher who found the vulnerability.
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
