Microsoft provides more mitigation instructions for the PetitPotam attack
Malwarebytes
JULY 29, 2021
It does this by performing an NTLM relay attack that does not rely on the Microsoft’s Print System Remote Protocol (MS-RPRN) API but instead uses the EfsRpcOpenFileRaw function of the Microsoft Encrypting File System Remote Protocol (MS-EFSRPC) API. The authentication process does not require the plaintext password.
Let's personalize your content