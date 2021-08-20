Researchers patch Microsoft's 'Petitpotam' vulnerability patch

By on
Researchers patch Microsoft's 'Petitpotam' vulnerability patch

August fix did not cover all vectors.

After false starts this August both by themselves and Microsoft with patches released for the PetitPotam bug not covering all attack vectors, security vendor 0Patch has released free fixes that address the vulnerability.

While they blocked anonymous users from being able to exploit the PetitPotam bug, neither Microsoft's offical fix released this month nor the earlier 0Patch micropatch handled attacks by authenticated users.

A new set of free micropatches from 0Patch handle both anonymous and authenticated user attacks however.

Micropatches are available for Windows Server 2008 R2, 2021 R2, 2016 and 2019.

They require Microsoft's August PetitPotam fix to be installed on servers.

The United States Computer Emergency Response Team's Coordination Centre (CERT-CC) considers the PetitPotam attack a serious vulnerability that can be used from domain-joined computers to take over an entire Active Directory.

Microsoft says it is aware of PetitPotam, but says it is a classic NTLM Relay Attack, with similar ones being documented in the past with mitigations published.

Proof of concept code for PetitPotam (Little Hippo) has been published on Github by topotam, the security researcher who found the vulnerability.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
0patch certcc microsoft petitpotam security windows

Sponsored Whitepapers

Develop a resiliency strategy that integrates risk analysis & continuity management
Develop a resiliency strategy that integrates risk analysis & continuity management
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
IBM Maximo: Manage any asset, anytime, any place with mobile EAM
Optimise your operations with APM and AI-Powered insights
Optimise your operations with APM and AI-Powered insights
Forrester Study: Understand the total economic impact of using IBM Cloud Pak&#8482; for Data
Forrester Study: Understand the total economic impact of using IBM Cloud Pak™ for Data
Technology skill development: The strategy for building better teams
Technology skill development: The strategy for building better teams

Events

Most Read Articles

Australian Federal Police investigates ASC subsea cable cut off Perth

Australian Federal Police investigates ASC subsea cable cut off Perth
JB Hi-Fi refurbishes 7500 'unsellable' handsets for staff, loan use

JB Hi-Fi refurbishes 7500 'unsellable' handsets for staff, loan use
How IT offshoring came back to bite Transport for NSW

How IT offshoring came back to bite Transport for NSW
CBA to send 100 roles including from its technology operations offshore

CBA to send 100 roles including from its technology operations offshore

Log In

Email:
Password:
  |  Forgot your password?