Photo by Wade Lambert / Unsplash
Mitigate PetitPotam in Active Directory Certificate Services

Mitigate PetitPotam in Active Directory Certificate Services

Published on 25 Jul 2021

Bastien Perez
Bastien Perez

Clap

đź’ˇ
Please refer to the links at the bottom of this article for the most up-to-date links by Microsoft.

Uninstall ADCS web enrollment

A quick method is to uninstall the ADCS web enrollment (reboot required). After this, you can’t use https://yourserver.domain.com/certsrv

Uninstall-WindowsFeature ADCS-WebEnrollment

Then disable the web server IIS (check before if any websites/services rely on):

Uninstall-WindowsFeature Web-Server

Official mitigations by Microsoft

Comments

banner-Bastien Perez
Bastien Perez

Freelance Microsoft 365 - Active Directory - Modern Workplace

France