A free unofficial patch is now available to block attackers from taking over domain controllers and compromising entire Windows domains via PetitPotam NTLM relay attacks. The PetitPotam attack vector that forces Windows machines to authenticate against threat actors’ malicious NTLM relay servers using the Microsoft Encrypting File System Remote Protocol (EFSRPC) was disclosed last month by security researcher Gilles Lionel (aka Topotam).
Read full article on Bleeping Computer