Security researchers have devised a way to block the PetitPotam attack vector, which allows hackers to easily take control of a Windows domain controller. Last week, Microsoft released an advisory titled ‘Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)’, which explains how to protect AD CS servers from such attacks. Researchers have figured out how to block the remote unauthenticated attack using NETSH filters. NETSH is a Windows command-line utility that allows administrators to configure network interfaces, add filters, and modify the Windows firewall configuration.
Source: https://www.bleepingcomputer.com/news/microsoft/windows-petitpotam-attacks-can-be-blocked-using-new-method/
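
A sketch of the NETSH filter approach described above, as an added example that is not taken from this summary or from Microsoft's advisory. It assumes the two RPC interface UUIDs that the MS-EFSR specification defines for the protocol PetitPotam abuses; the script file name and temp path are arbitrary choices.

```powershell
#Requires -RunAsAdministrator
# Added example: build a netsh script that blocks the MS-EFSR RPC interfaces,
# apply it, then confirm that both filters are active.

# Interface UUIDs defined by the MS-EFSR specification (assumed here; the
# summary above does not list them).
$efsrInterfaces = @(
    'c681d488-d850-11d0-8c52-00c04fd90f7e',  # EFSRPC exposed via \pipe\lsarpc
    'df1941c5-fe89-4e79-bf10-463657acf44d'   # EFSRPC exposed via \pipe\efsrpc
)

# One block rule per interface in the "rpc filter" context of netsh.
$lines = @('rpc', 'filter')
foreach ($uuid in $efsrInterfaces) {
    $lines += 'add rule layer=um actiontype=block'
    $lines += "add condition field=if_uuid matchtype=equal data=$uuid"
    $lines += 'add filter'
}
$lines += 'quit'

# Arbitrary location for the generated netsh script.
$scriptPath = Join-Path $env:TEMP 'block_efsr.txt'
Set-Content -Path $scriptPath -Value $lines -Encoding ASCII

# Apply the filters.
netsh -f $scriptPath
if ($LASTEXITCODE -ne 0) {
    throw "netsh failed with exit code $LASTEXITCODE"
}

# Verify: every UUID should appear in the list of active RPC filters.
$active = netsh rpc filter show filter | Out-String
foreach ($uuid in $efsrInterfaces) {
    if ($active -notmatch [regex]::Escape($uuid)) {
        Write-Warning "No active RPC filter found for interface $uuid"
    }
}
```

Because the rules match on interface UUID alone, they block every remote call to these interfaces, so test on a host that does not depend on remote EFS operations first. A filter can be removed again with `netsh rpc filter delete filter filterkey=<key>`, using the key shown by `netsh rpc filter show filter`.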

