— 1 min read
Mitigate PetitPotam in Active Directory Certificate Services
bastien-perez
💡
Please refer to the links at the bottom of this article for the most up-to-date links by Microsoft.
Uninstall ADCS web enrollment
A quick method is to uninstall the ADCS web enrollment (reboot required). After this, you can’t use https://yourserver.domain.com/certsrv
Uninstall-WindowsFeature ADCS-WebEnrollment
Then disable the web server IIS (check before if any websites/services rely on):
Uninstall-WindowsFeature Web-Server
Official mitigations by Microsoft
- ADV210003 – Security Update Guide – Microsoft – Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)
- KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) (microsoft.com)
Previous Post
Increase Windows and Applications logs size
Next Post
Récupérer les informations d’un fichier msi avec PowerShell
Comments