te-duncan asked te-duncan commented

RemotePotato0: Privilege Escalation Vulnerability in Windows RPC Protocol

I have found this interesting article: https://borncity.com/win/2021/07/27/remotepotato0-privilege-escalation-schwachstelle-im-windows-rpc-protocol/

This article refers to: https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop/

The latter states that this so-called 'remotepotato0-privilege-escalation' has been reported to Microsoft: 11/30/2020 – Submitted vulnerability to MSRC case 62293

and lists a statement from MS: 4/13/2021 – Microsoft informed us that, after an extensive review, they determined that “Servers must defend themselves against NTLM relay attacks” (side note: setting the sign flag in NTLM provider as well as SPNEGO would have inhibited this exploit…)

Is there any CVE out there, which handles this case? Is there any OFFICIAL statement from Microsoft? Does anyone have more information on detailed mitigation for this exploit?

windows-server

Hi

"Is there any CVE out there, which handles this case? Is there any OFFICIAL statement from Microsoft?"
When I filter for "Elevation of Privilege Vulnerability" in the link below, I still can't find information on this vulnerability. If I find any related document, I will post it ASAP. Thanks for waiting.

Security Update Guide
https://msrc.microsoft.com/update-guide/vulnerability


1 Answer

Buckleau answered te-duncan commented

This is also addressed in Microsoft article KB5005413 which has mitigations as well.


No, that's a different kind of attack. Has nothing to do with Cert.-Services...
