New DFSCoerce PoC Exploit Allows Attackers to Take Over Windows Domains

The recently published DFSCoerce PoC exploit uses the MS-DFSNM file system to take over Windows domains. This exploit is conceptually similar to the sensational PetitPotam attack. Let me remind you that we recently talked about how LockFile ransomware adopts ProxyShell and PetitPotam vulnerabilities. Filip Dragovich published a PoC script called “DFSCoerce” to attack an NTLM…

Microsoft Has Not Fully Coped with PetitPotam Attacks in Windows NTLM Relay

In May, Microsoft released a security update because it had previously not fully coped with the attacks known as PetitPotam. The update and mitigation recommendations target a heavily exploited NTLM Relay vulnerability known as the Windows LSA Spoofing Vulnerability (CVE-2022-26925). Last July, security researcher Gilles Lionel, also known as Topotam, introduced a new PetitPotam method…

LockFile ransomware adopts ProxyShell and PetitPotam vulnerabilities

The new LockFile ransomware exploits recently discovered ProxyShell and PetitPotam vulnerabilities to increase its chances of hacking and encrypting corporate networks. Experts from TG Soft and well-known information security researcher Kevin Beaumont reported on the new threat. They write that LockFile operators are using recently discovered vulnerabilities, collectively known as ProxyShell, to attack Microsoft Exchange…

Microsoft releases patches for 44 vulnerabilities, including three 0-days

As part of Patch Tuesday this week, Microsoft released patches for 44 vulnerabilities (51 including bugs in Microsoft Edge), seven of which were classified as critical, three were 0-day, and one was already under attack. Patches released this month: .NET Core and Visual Studio, ASP.NET Core and Visual Studio, Azure, Windows Update, Windows Print Spooler…