CFS-2021-001: PetitPotam NTLM Vulnerability on AD CS

Issue Date: 2021/07/26
Updated Date: 2021/07/26
Title: PetitPotam NTLM Vulnerability on AD CS
Classification: No Impact
Status: Closed
Affected Products: None

Summary

Panzura CloudFS is not impacted by PetitPotam NTLM Vulnerability on AD CS

Details

A security flaw in the Windows operating system, called PetitPotam, can be exploited to cause remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. Microsoft has documented this Security Advisory here: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) - ADV210003. This vulnerability exists on Windows domain controllers or other Windows servers. A Panzura CloudFS filer does not operate as a Windows domain controller or as a Windows server. Therefore, Panzura CloudFS filers are not impacted by the PetitPotam vulnerability.

Furthermore, Panzura CloudFS filers use SMB signing for all communication to the Domain Controller, a key protection measure to prevent NTLM Relay Attacks.

Resolution

No action required.