image
This week, Microsoft rushed out a fix for a Windows NT LAN Manager exploit dubbed “PetitPotam” that forces remote Windows systems to reveal password hashes that can be easily cracked. The frenzy begs the question: Why is securing Microsoft Active Directory (AD) such a nightmare? When security researcher Gilles Lionel first identified the bug last week, he also published proof-of-concept (PoC) exploit code to demonstrate the attack. The PoC demonstrated how a PetitPotam attack can be chained to an exploit targeting Windows Active Directory Certificate Services (AD CS), which provides public key infrastructure (PKI) functionality. Attack paths in AD are a huge issue for enterprises. It’s not just PetitPotam; AD was also part of the problem during the SolarWinds attacks. SpecterOps researchers Lee Christensen and Will Schroeder, who recently published a report on abusing AD CS titled Certified Pre-Owned (PDF) that they’ll also be doing a session on at Black Hat next week, are trying to get the security community to think about the AD problem in terms of “misconfiguration debt”: as in, incremental misconfigurations that build up over time, such that attackers are virtually guaranteed to find an attack path to their objective on any network. It’s a serious situation. AD is used by over 90 percent of the Fortune 1000 for identity and access management. Organizations need solutions that can simplify protection: solutions that can cut through the haze to gain better visibility…

Source