Mitigate PetitPotam in Active Directory Certificate Services
Published on 25 Jul 2021
Please refer to the links at the bottom of this article for the most up-to-date guidance from Microsoft.
Uninstall ADCS web enrollment
A quick method is to uninstall the AD CS web enrollment role service (reboot required). After this, you can no longer use https://yourserver.domain.com/certsrv.
Uninstall-WindowsFeature ADCS-Web-Enrollment
Then remove the IIS web server (first check whether any websites or services rely on it):
Uninstall-WindowsFeature Web-Server
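A pre-flight check for the two removals above, as an added PowerShell example that is not from the original article: it reports the install state of both features, lists IIS sites and applications other than certsrv that still rely on IIS, and previews the uninstall with -WhatIf. It assumes the WebAdministration module is present, that web enrollment lives at its default location (/CertSrv under "Default Web Site"), and uses the role-service name ADCS-Web-Enrollment as reported by Get-WindowsFeature; the $Remove variable is a hypothetical switch for this sketch.

```powershell
# Added example (not from the original article). Run elevated on the CA server.
$ErrorActionPreference = 'Stop'
$Remove = $false   # hypothetical switch: set to $true after reviewing the report

# Current state of the two features the article removes.
$features = Get-WindowsFeature -Name ADCS-Web-Enrollment, Web-Server
$features | Format-Table Name, InstallState -AutoSize | Out-Host

$iisInstalled = ($features | Where-Object Name -eq 'Web-Server').Installed
$blockers = @()

if ($iisInstalled -and (Get-Module -ListAvailable -Name WebAdministration)) {
    Import-Module WebAdministration
    # Sites beyond the default one, and applications other than /CertSrv,
    # are workloads that still rely on IIS.
    $blockers += Get-Website | Where-Object Name -ne 'Default Web Site' |
        ForEach-Object { "site: $($_.Name) [$($_.State)]" }
    $blockers += Get-WebApplication | Where-Object path -ne '/CertSrv' |
        ForEach-Object { "app:  $($_.path) (pool $($_.applicationPool))" }
}
elseif ($iisInstalled) {
    # Without the module we cannot enumerate IIS content, so do not remove IIS.
    Write-Warning 'WebAdministration module not found; review IIS sites manually.'
    $blockers += 'unknown: IIS content could not be enumerated'
}

# Web enrollment is removed in any case; IIS only when nothing else depends on it.
$toRemove = @('ADCS-Web-Enrollment')
if ($blockers.Count -eq 0) {
    $toRemove += 'Web-Server'
}
else {
    $list = $blockers -join [Environment]::NewLine
    Write-Warning "Keeping IIS, still in use by:$([Environment]::NewLine)$list"
}

# With $Remove = $false this only previews the change (-WhatIf).
# The article notes that a reboot is required after the real uninstall.
Uninstall-WindowsFeature -Name $toRemove -WhatIf:(-not $Remove)
```

Content placed directly in the root of "Default Web Site" is not detected by this check, so inspect that site's physical path by hand before removing IIS.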
Official mitigations by Microsoft
- ADV210003 – Security Update Guide – Microsoft – Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)
- KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) (microsoft.com)