Last month, security researcher 🇫🇷 GILLES Lionel disclosed a new method called PetitPotam that forces a Windows machine, including a #Windows domain controller, to authenticate against a threat actor's malicious NTLM relay server using the Microsoft Encrypting File System Remote Protocol (EFSRPC). This weekend, 🇺🇸 Craig Kirby shared a NETSH RPC filter that blocks remote access to the MS-EFSRPC API, effectively blocking the unauthenticated PetitPotam attack vector. According to security researcher 🇫🇷 Benjamin Delpy, you can use this filter by copying the following contents [...] #Microsoft's response to recent vulnerabilities, such as PetitPotam, SeriousSAM, and PrintNightmare have been very concerning for security researchers who feel that Microsoft is not doing enough to protect its customers #vuln #informatique

https://www.bleepingcomputer.com/news/microsoft/windows-petitpotam-attacks-can-be-blocked-using-new-method/