Microsoft rushed to release mitigations for a new exploit that forces remote Windows systems to reveal password hashes that can easily be cracked by malicious actors. The flaw lies in the Windows NT LAN Manager, according to the company, and has been dubbed PetitPotam. Microsoft has released an advisory that recommends that system administrators halt the use of the deprecated Windows NT LAN Manager. The bug was first identified on Thursday by security researcher Gilles Lionel. Lionel also published a proof of content exploit to demonstrate the attack, promoting Microsoft to issue an advisory the next day.
The bug lies within the Windows operating system and the abuse of remote access protocol called Encrypting File System Remote Protocol. This is designed to allow Windows systems to access remote decrypted data stores, effectively providing for the management of the sensitive data while enforcing access control policies, says Microsoft. PetitPotam has been identified as a form of manipulator-in-the-middle attack against the authentication system.