{"id":3464,"date":"2021-08-09T15:16:47","date_gmt":"2021-08-09T20:16:47","guid":{"rendered":"https:\/\/truxgoservers.com\/blog\/?p=3464"},"modified":"2021-08-09T15:16:47","modified_gmt":"2021-08-09T20:16:47","slug":"petipotam-security-flaw-in-windows","status":"publish","type":"post","link":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/","title":{"rendered":"PetitPotam security flaw in Windows"},"content":{"rendered":"\n<p>Security researcher Gilles Lionel has discovered a new NTLM relay attack that allows attackers to take over Windows domains. The flaw, called PetitPotam, can be exploited to force remote Windows servers, including domain controllers, to authenticate to a malicious target, allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain.<\/p>\n\n\n\n<p>While PetitPotam is not the first NTLM relay attack, it differs in the function it exploits. The previously discovered attack method exploited the Windows MS-RPRN printing API. What both attacks have in common is that the exploited services are enabled by default. After the discovery of the first attack, many organizations disabled MS-RPRN as a mitigation, but with the new attack method the threat has re-emerged.<\/p>\n\n\n\n<p>Microsoft explained that executing this attack requires the adversary to have the domain credentials of the target network. To mitigate this threat, Microsoft recommended disabling NTLM when it is not necessary. 
Doing so, however, runs the risk of breaking existing environments, so it is a choice between one and the other.<\/p>\n\n\n\n<p>Also read:<br><a href=\"https:\/\/truxgoservers.com\/blog\/windows-10-vulnerabilities-that-have-been-highlighted\/\">Windows 10 vulnerabilities that have been highlighted<\/a><br><a href=\"https:\/\/truxgoservers.com\/blog\/avoslocker-a-new-threat-against-windows\/\">AvosLocker new threat against Windows<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researcher Gilles Lionel has discovered a new NTLM relay attack which allows hackers to take over Windows domains, and this security flaw, called PetitPotam, in the Windows operating system can be exploited to force remote Windows servers, including domain controllers, to authenticate with a malicious target, allowing an adversary to stage an NTLM relay [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3465,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[36,86],"class_list":["post-3464","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-windows"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>PetiPotam security flaw in Windows - Truxgo Server Blog<\/title>\n<meta name=\"description\" content=\"Today we will see a failure in Windows systems which may allow an NTLM relay attack which was released as PetiPotam...........\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/\" \/>\n<meta property=\"og:locale\" content=\"es_MX\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PetiPotam 
security flaw in Windows - Truxgo Server Blog\" \/>\n<meta property=\"og:description\" content=\"Today we will see a failure in Windows systems which may allow an NTLM relay attack which was released as PetiPotam...........\" \/>\n<meta property=\"og:url\" content=\"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/\" \/>\n<meta property=\"og:site_name\" content=\"Truxgo Server Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-09T20:16:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2021\/08\/Vulnerability.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"868\" \/>\n\t<meta property=\"og:image:height\" content=\"531\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Truxgo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Truxgo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minuto\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/\"},\"author\":{\"name\":\"Truxgo\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#\\\/schema\\\/person\\\/8b409c26449db6aa09724b45331e333e\"},\"headline\":\"PetiPotam security flaw in 
Windows\",\"datePublished\":\"2021-08-09T20:16:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/\"},\"wordCount\":200,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/Vulnerability.jpg\",\"keywords\":[\"Cybersecurity\",\"Windows\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/\",\"url\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/\",\"name\":\"PetiPotam security flaw in Windows - Truxgo Server Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/Vulnerability.jpg\",\"datePublished\":\"2021-08-09T20:16:47+00:00\",\"description\":\"Today we will see a failure in Windows systems which may allow an NTLM relay attack which was released as 
PetiPotam...........\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/#primaryimage\",\"url\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/Vulnerability.jpg\",\"contentUrl\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/Vulnerability.jpg\",\"width\":868,\"height\":531},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/petipotam-security-flaw-in-windows\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PetiPotam security flaw in Windows\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/\",\"name\":\"Truxgo Server Blog\",\"description\":\"Cloud Server and Hosting Tutorials.\",\"publisher\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#organization\",\"name\":\"Truxgo Server 
Blog\",\"url\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/cropped-truxgo-logo-blanco.png\",\"contentUrl\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/cropped-truxgo-logo-blanco.png\",\"width\":1250,\"height\":278,\"caption\":\"Truxgo Server Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#\\\/schema\\\/person\\\/8b409c26449db6aa09724b45331e333e\",\"name\":\"Truxgo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g\",\"caption\":\"Truxgo\"},\"sameAs\":[\"https:\\\/\\\/truxgoservers.com\\\/blog\"],\"url\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/author\\\/truxgo\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"PetiPotam security flaw in Windows - Truxgo Server Blog","description":"Today we will see a failure in Windows systems which may allow an NTLM relay attack which was released as PetiPotam...........","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/","og_locale":"es_MX","og_type":"article","og_title":"PetiPotam security flaw in Windows - Truxgo Server Blog","og_description":"Today we will see a failure in Windows systems which may allow an NTLM relay attack which was released as PetiPotam...........","og_url":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/","og_site_name":"Truxgo Server Blog","article_published_time":"2021-08-09T20:16:47+00:00","og_image":[{"width":868,"height":531,"url":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2021\/08\/Vulnerability.jpg","type":"image\/jpeg"}],"author":"Truxgo","twitter_card":"summary_large_image","twitter_misc":{"Escrito por":"Truxgo","Tiempo de lectura":"1 minuto"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/#article","isPartOf":{"@id":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/"},"author":{"name":"Truxgo","@id":"https:\/\/truxgoservers.com\/blog\/#\/schema\/person\/8b409c26449db6aa09724b45331e333e"},"headline":"PetiPotam security flaw in 
Windows","datePublished":"2021-08-09T20:16:47+00:00","mainEntityOfPage":{"@id":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/"},"wordCount":200,"commentCount":0,"publisher":{"@id":"https:\/\/truxgoservers.com\/blog\/#organization"},"image":{"@id":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/#primaryimage"},"thumbnailUrl":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2021\/08\/Vulnerability.jpg","keywords":["Cybersecurity","Windows"],"articleSection":["Cybersecurity"],"inLanguage":"es","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/","url":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/","name":"PetiPotam security flaw in Windows - Truxgo Server Blog","isPartOf":{"@id":"https:\/\/truxgoservers.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/#primaryimage"},"image":{"@id":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/#primaryimage"},"thumbnailUrl":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2021\/08\/Vulnerability.jpg","datePublished":"2021-08-09T20:16:47+00:00","description":"Today we will see a failure in Windows systems which may allow an NTLM relay attack which was released as 
PetiPotam...........","breadcrumb":{"@id":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/"]}]},{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/#primaryimage","url":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2021\/08\/Vulnerability.jpg","contentUrl":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2021\/08\/Vulnerability.jpg","width":868,"height":531},{"@type":"BreadcrumbList","@id":"https:\/\/truxgoservers.com\/blog\/petipotam-security-flaw-in-windows\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/truxgoservers.com\/blog\/"},{"@type":"ListItem","position":2,"name":"PetiPotam security flaw in Windows"}]},{"@type":"WebSite","@id":"https:\/\/truxgoservers.com\/blog\/#website","url":"https:\/\/truxgoservers.com\/blog\/","name":"Truxgo Server Blog","description":"Cloud Server and Hosting Tutorials.","publisher":{"@id":"https:\/\/truxgoservers.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/truxgoservers.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/truxgoservers.com\/blog\/#organization","name":"Truxgo Server 
Blog","url":"https:\/\/truxgoservers.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/truxgoservers.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2020\/08\/cropped-truxgo-logo-blanco.png","contentUrl":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2020\/08\/cropped-truxgo-logo-blanco.png","width":1250,"height":278,"caption":"Truxgo Server Blog"},"image":{"@id":"https:\/\/truxgoservers.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/truxgoservers.com\/blog\/#\/schema\/person\/8b409c26449db6aa09724b45331e333e","name":"Truxgo","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/secure.gravatar.com\/avatar\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g","caption":"Truxgo"},"sameAs":["https:\/\/truxgoservers.com\/blog"],"url":"https:\/\/truxgoservers.com\/blog\/author\/truxgo\/"}]}},"_links":{"self":[{"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/posts\/3464","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/comments?post=3464"}],"version-history":[{"count":2,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/posts\/3464\/revisions"}],"predecessor-version":[{"id":3511,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/posts\/3464\/revisions\/3511"}],"wp:featuredmedia":[{"embeddable":tr
ue,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/media\/3465"}],"wp:attachment":[{"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/media?parent=3464"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/categories?post=3464"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/tags?post=3464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}