Third-Party Patches Available for More PetitPotam Attack Vectors


Disclosed in late July, PetitPotam is a remote code execution vulnerability (CVE-2021-36942) that abuses the Encrypting File System Remote (MS-EFSRPC) protocol.

An attacker exploiting the bug could get a targeted server to connect to an attacker-controlled server and perform NTLM authentication. The attacker could then use other exploits to take complete control of a Windows domain.

Microsoft, which describes PetitPotam as a classic NTLM Relay Attack, has released both mitigations and a fix for the vulnerability.

According to ACROS Security, which previously released a set of micropatches to address the issue, none of the previously released patches covered all of the vulnerable PetitPotam code entirely.