KLA12244
Microsoft Advisory for Active Directory Certificate Services

Обновлено: 04/08/2021
Дата обнаружения
23/07/2021
Уровень угрозы
Warning
Описание

Microsoft is aware of PetitPotam which can potentially be used in an attack on Windows domain controllers or other Windows servers.
To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication (EPA) or signing features such as SMB signing. PetitPotam takes advantage of servers where Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks.

You are potentially vulnerable to this attack if you are using Active Directory Certificate Services (AD CS) with any of the following services:

  • Certificate Authority Web Enrollment
  • Certificate Enrollment Web Service
Пораженные продукты

Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Server 2016
Microsoft Windows Server 2019

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
ADV210003
Связанные продукты
Microsoft Windows Server
Microsoft Windows Server 2012
Microsoft Windows Server 2008