Microsoft released a Security Advisory warning of PetitPotam, an NTLM relay attack. These attacks target Windows domain controllers and other Windows servers. Environments using Active Directory Certificate Services (AD CS) are vulnerable if they also use Certificate Authority Web Enrollment or Certificate Enrollment Web Service. According to industry experts, no authentication or credentials are needed to gain domain admin access, making this attack extremely dangerous.
Microsoft has listed mitigation steps HERE. Additionally, it is recommended that NTLM authentication be disabled immediately where possible (NTLM is enabled by default).
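To see whether a given server meets the conditions described above, the following read-only PowerShell audit (an added example, not taken from Microsoft's advisory or from this page) reports whether the two AD CS web role services are installed and how the local NTLM restriction policy is set. The feature names and registry values are the standard Windows Server ones; the helper `Get-PolicyValue` and the output field names are hypothetical names chosen for this example.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Run in an elevated session on Windows Server (needs the ServerManager module).

# AD CS role services the advisory names: CA Web Enrollment and
# Certificate Enrollment Web Service.
$roleServices = 'ADCS-Web-Enrollment', 'ADCS-Enroll-Web-Svc'
$installed = @(Get-WindowsFeature -Name $roleServices | Where-Object Installed)

# "Network security: Restrict NTLM" policy values are stored under this key.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$lsa = Get-ItemProperty -Path $lsaKey -ErrorAction SilentlyContinue

# Hypothetical helper: return the value as an int, or $null when it is not set.
function Get-PolicyValue($Object, [string]$Name) {
    if ($null -ne $Object -and $Object.PSObject.Properties[$Name]) {
        return [int]$Object.$Name
    }
    return $null
}

$incoming = Get-PolicyValue $lsa 'RestrictReceivingNTLMTraffic'
$outgoing = Get-PolicyValue $lsa 'RestrictSendingNTLMTraffic'

# Incoming: 0 or unset = allow all, 1 = deny domain accounts, 2 = deny all accounts.
$incomingText = switch ($incoming) {
    1       { 'Deny all domain accounts' }
    2       { 'Deny all accounts' }
    default { 'Allow all (default)' }
}
# Outgoing: 0 or unset = allow all, 1 = audit all, 2 = deny all.
$outgoingText = switch ($outgoing) {
    1       { 'Audit all' }
    2       { 'Deny all' }
    default { 'Allow all (default)' }
}

[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    AdcsWebRoles       = if ($installed) { $installed.Name -join ', ' } else { 'none' }
    IncomingNtlmPolicy = $incomingText
    OutgoingNtlmPolicy = $outgoingText
    # Flag hosts that expose an AD CS web role while still accepting NTLM.
    NeedsReview        = ($installed.Count -gt 0) -and ($incoming -ne 2)
}
```

A host reported with `NeedsReview = True` is one where the mitigation steps and the NTLM recommendation above should be applied first.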
Learn how BlueOrange Compliance can help you protect your organization and the people you serve by calling 855.500.6272, or request a free consult.