A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain.

The issue, dubbed "PetitPotam," was discovered by security researcher Gilles Lionel, who shared technical details and proof-of-concept (PoC) code last week, noting that the flaw works by forcing "Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function." MS-EFSRPC is Microsoft's Encrypting File System Remote Protocol that's used to perform "maintenance and management operations on encrypted data that is stored remotely and accessed over a network."

Specifically, the attack enables a domain controller to authenticate against a remote NTLM relay under a bad actor's control using the MS-EFSRPC interface and share its authentication information. This is done by connecting to LSARPC, resulting in a scenario where the target server connects to an arbitrary server and performs NTLM authentication.

By forcing the targeted computer to initiate an authentication procedure and share its hashed passwords via NTLM, the PetitPotam attack can be chained to an exploit targeting Windows Active Directory Certificate Services (AD CS) to seize control of the entire domain. "An attacker can target a Domain Controller to send its credentials by using the MS-EFSRPC protocol and then relaying the DC NTLM credentials to the Active Directory Certificate Services AD CS Web Enrollment pages to enroll a DC certificate," TRUESEC's Hasain Alshakarti said. "This will effectively give the attacker an authentication certificate that can be used to access domain services as a DC and compromise the entire domain."
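
The relay to the AD CS Web Enrollment pages described above depends on that IIS application accepting NTLM without Extended Protection for Authentication (EPA) and without requiring TLS. As an added example (not code from the article, the researcher or Microsoft), this Python check audits an IIS `applicationHost.config` fragment for that condition; the sample XML and the `Default Web Site/CertSrv` path are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from a real server): applicationHost.config fragment
# for an AD CS Web Enrollment app at the assumed path "Default Web Site/CertSrv".
SAMPLE_WEAK = """
<configuration>
  <location path="Default Web Site/CertSrv">
    <system.webServer><security>
      <access sslFlags="None" />
      <authentication>
        <windowsAuthentication enabled="true">
          <providers><add value="Negotiate" /><add value="NTLM" /></providers>
          <extendedProtection tokenChecking="None" />
        </windowsAuthentication>
      </authentication>
    </security></system.webServer>
  </location>
</configuration>
"""
# Same fragment with TLS required and EPA enforced.
SAMPLE_HARDENED = (SAMPLE_WEAK.replace('sslFlags="None"', 'sslFlags="Ssl"')
                   .replace('tokenChecking="None"', 'tokenChecking="Require"'))


def audit_relay_exposure(config_xml):
    """Map each NTLM-capable <location> path to a list of relay-relevant findings."""
    report = {}
    for loc in ET.fromstring(config_xml).iter("location"):
        win = loc.find(".//windowsAuthentication")
        if win is None or win.get("enabled", "false").lower() != "true":
            continue
        providers = {p.get("value", "").lower() for p in win.iter("add")}
        # Negotiate can fall back to NTLM; an empty list inherits server defaults.
        if providers and not providers & {"ntlm", "negotiate"}:
            continue
        findings = []
        epa = win.find("extendedProtection")
        token = epa.get("tokenChecking", "None") if epa is not None else "None"
        if token != "Require":
            findings.append(f"EPA tokenChecking={token}, expected Require")
        access = loc.find(".//access")
        flags = access.get("sslFlags", "None") if access is not None else "None"
        if "Ssl" not in [f.strip() for f in flags.split(",")]:
            findings.append("TLS not required (sslFlags lacks Ssl)")
        report[loc.get("path")] = findings
    return report


if __name__ == "__main__":
    for name, xml in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_relay_exposure(xml))
```

An empty findings list means the application still offers NTLM but binds it to a required TLS channel, which is the EPA protection Microsoft's guidance refers to.
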
While disabling support for MS-EFSRPC doesn't stop the attack from functioning, Microsoft has since issued mitigations for the issue while characterizing "PetitPotam" as a "classic NTLM relay attack," which permits attackers with access to a network to intercept legitimate authentication traffic between a client and a server and relay those validated authentication requests in order to access network services.

"To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication (EPA) or signing features such as SMB signing," Microsoft noted. "PetitPotam takes advantage of servers where the Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks."

To safeguard against this line of attack, the Windows maker is recommending that customers disable NTLM authentication on the domain controller.

Four keyboard shortcuts to make your Windows 11 experience faster and more productive.

You can now install and run the first preview build of Windows 11 through the Dev Channel of the Windows Insider program. Windows 11 brings a slew of features, including Snap layouts, Widgets, a centered Start menu, Android apps, and much more, to increase your productivity and save time. Windows 11 provides four new keyboard shortcuts along with familiar shortcuts to help you work faster and more efficiently.

On Windows 11, you can always use the mouse to navigate and handle applications and features, but keyboard shortcuts help you perform actions faster with a single press of multiple keys, saving you clicks and time. Although you can use all the Windows 10 shortcuts on Windows 11, the new version of the OS introduces several new keyboard shortcuts to give you quick access to new features, including Quick Settings, Notification Center, Widgets, and Snap layouts.
In this Windows 11 guide, we will look at several new keyboard shortcuts to help you improve productivity. Here are the new keyboard shortcuts for Windows 11:

Microsoft is putting Windows in the cloud. Windows 365 is a new service that will let businesses access Cloud PCs from anywhere, streaming a version of Windows 10 or Windows 11 in a web browser. While virtualization and remote access to PCs have existed for more than a decade, Microsoft is betting on Windows 365 to offer Cloud PCs to businesses just as they shift toward a mix of office and remote work.

Windows 365 will work on any modern web browser or through Microsoft’s Remote Desktop app, allowing users to access their Cloud PC from a variety of devices. “Windows 365 provides an instant-on boot experience,” according to Wangui McKelvey, a general manager for Microsoft 365. This instant access lets workers stream their Windows session with all of the same apps, tools, data, and settings across Macs, iPads, Linux machines, and Android devices. “You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices,” explains McKelvey.

Windows 365 will only be available for businesses when it launches on August 2nd, with a per-user monthly subscription cost. Microsoft is not detailing exact pricing details until the service launches next month, but Windows 365 is designed for one-person businesses all the way up to enterprises with thousands of employees.

There will be two editions of Windows 365: Business and Enterprise. Both are powered by Azure Virtual Desktop, and individual Cloud PCs can be configured with a single CPU, 2GB of RAM, and 64GB of storage at the low-end, all the way up to eight CPUs, 32GB of RAM, and 512GB of storage.
Microsoft is offering 12 different configurations for both Windows 365 Business and Enterprise, and businesses will be able to scale processing power so there will be lots of options to choose from.

Technically, Microsoft offering Windows in the cloud isn’t much different from the myriad of choices that businesses could already opt for with virtualization right now. Microsoft has already offered similar technology with Azure Virtual Desktop, and Citrix has been offering cloud-hosted desktop PCs for years.

Where Microsoft is trying to differentiate is in both ease of use and management. “Windows 365 is really going to make a huge difference for organizations that wanted to try virtualization for various reasons but could not — maybe it was too costly, too complex or they didn’t have the expertise in-house to do it,” says McKelvey. Businesses will be able to create Cloud PCs within minutes and assign them to employees, avoiding the need for dedicated physical hardware.

That could be appealing for many businesses hiring remote workers or even temporary contract staff that need to securely access a corporate network. As your entire Windows PC is in the cloud, employees don’t need to navigate VPNs or worry about security on personal devices.

While Windows 365 seems perfectly timed for businesses looking to tackle the complexities of remote work, Microsoft has been working on the service for years. The operating systems group at Microsoft had been working on a project codenamed “Arcadia,” a service to stream video games from the cloud. Arcadia dates all the way back to Microsoft demonstrating Halo running on a Windows Phone in 2013. This early virtualization work eventually led to Windows 365 and a focus on making it consumer-friendly.
“When we built this team, we brought in a couple of leaders who had experience with virtualization, but for the most part we brought in people who had experience with Windows and experience with consumer experiences because that was the bar we wanted to set,” says Scott Manchester, director of program management for Windows 365.

The pandemic accelerated work on Windows 365, and Microsoft’s broader focus on hybrid work. Microsoft has been steadily improving Microsoft Teams over the past year and laying out its vision for the future of meetings, remote work, and more.

