While Microsoft is preparing the patch for PetitPotam vulnerability, 0patch has developed a micro patch to secure systems until then.
The patch was available for Windows server v2008 R2, 2012 R2, 2016, and 2019 versions. The PetitPotam flaw, if exploited, will let hackers takeover windows domains and injection malware, and perform malicious activities.
Unofficial Patch For PetitPotam Flaw
Many of Microsoft’s Windows servers are now vulnerable to a new system flaw – PetitPotam – as discovered by security researcher Gilles Lionel (aka Topotam) last week.
He detailed that threat actors can exploit this by force authenticating the targets’ Windows machines against their malicious NTLM relay servers through the Microsoft Encrypting File System Remote Protocol (EFSRPC) and take over the systems ultimately.
Hi all, MS-RPRN to coerce machine authentication is great but the service is often disabled nowadays by admins on most orgz. Here is one another way we use to elicit machine account auth via MS-EFSRPC. Enjoy!! 🙂 https://t.co/AGiS4f6yt8 — topotam (@topotam77) July 18, 2021
