Severity
Medium
Analysis Summary
PetitPotam is an NTLM relay attack, a form of manipulator-in-the-middle attack. Microsoft is watching PetitPotam and its capabilities closely because malicious actors are using them to attack Windows domain controllers and Windows servers, and it is releasing many mitigation options to protect customers. To stop NTLM relay attacks on networks with NTLM enabled, domain administrators must use Extended Protection for Authentication (EPA) or SMB signing. PetitPotam can take over servers where Active Directory Certificate Services (AD CS) is not protected against NTLM relay attacks.
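An added example (not from Rewterz or Microsoft) of auditing the EPA mitigation named above: it parses an IIS applicationHost.config and lists the applications that accept Windows authentication without requiring Extended Protection. The sample configuration, including its site and application names, is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling IIS applicationHost.config on an AD CS host.
# Site and application names are assumptions, not values from the advisory.
SAMPLE_CONFIG = """<configuration>
  <location path="Default Web Site/CertSrv"><system.webServer><security><authentication>
    <windowsAuthentication enabled="true">
      <extendedProtection tokenChecking="None" />
    </windowsAuthentication>
  </authentication></security></system.webServer></location>
  <location path="Default Web Site/Intranet"><system.webServer><security><authentication>
    <windowsAuthentication enabled="true">
      <extendedProtection tokenChecking="Require" />
    </windowsAuthentication>
  </authentication></security></system.webServer></location>
  <location path="Default Web Site/Legacy"><system.webServer><security><authentication>
    <windowsAuthentication enabled="true" />
  </authentication></security></system.webServer></location>
  <location path="Default Web Site/Static"><system.webServer><security><authentication>
    <windowsAuthentication enabled="false" />
  </authentication></security></system.webServer></location>
</configuration>"""

WIN_AUTH = "system.webServer/security/authentication/windowsAuthentication"

def audit_epa(config_xml):
    """Return {location path: tokenChecking} for every location with Windows
    (NTLM/Negotiate) authentication enabled. A missing extendedProtection
    element is reported as "None", which is the IIS default."""
    results = {}
    for loc in ET.fromstring(config_xml).iter("location"):
        auth = loc.find(WIN_AUTH)
        if auth is None or auth.get("enabled", "false").lower() != "true":
            continue  # Windows authentication is off, nothing to relay to
        epa = auth.find("extendedProtection")
        results[loc.get("path", "")] = "None" if epa is None else epa.get("tokenChecking", "None")
    return results

def relayable(config_xml):
    """Locations where EPA is not enforced (any value other than Require)."""
    return sorted(p for p, v in audit_epa(config_xml).items() if v != "Require")

if __name__ == "__main__":
    for path in relayable(SAMPLE_CONFIG):
        print("EPA not required:", path)
```

A tokenChecking value of Allow is reported as well, because clients that do not send a channel binding token are still accepted in that mode.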
Impact
- Unauthorized Access
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Domain Controllers
- Windows Servers
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.