A free unofficial patch is now available to block attackers from taking over domain controllers via PetitPotam NTLM relay attacks. The attack vector forces Windows machines to authenticate against threat actors’ malicious servers using the Microsoft Encrypting File System Remote Protocol (EFSRPC). Microsoft released a security advisory in July explaining how to mitigate NTLM relay attacks targeting Active Directory Certificate Services (AD CS). The vulnerability was disclosed last month by security researcher Gilles Lionel (aka Topotam). Using this attack method, threat actors can completely take over Windows domains.
Source: https://www.bleepingcomputer.com/news/microsoft/windows-petitpotam-vulnerability-gets-an-unofficial-free-patch/