Kaspersky ID:
KLA12248
Detect Date:
07/23/2021
Updated:
08/12/2021

Description

Microsoft is aware of PetitPotam which can potentially be used in an attack on Windows domain controllers or other Microsoft Products (Extended Security Update).
To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication (EPA) or signing features such as SMB signing. PetitPotam takes advantage of servers where Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks.

You are potentially vulnerable to this attack if you are using Active Directory Certificate Services (AD CS) with any of the following services:

  • Certificate Authority Web Enrollment
  • Certificate Enrollment Web Service

Original advisories

Related products

CVE list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.