10 May 2022, zero day vulnerability in the Windows Operating System

TerryWoods · ‎15-06-22

On May 10th, 2022, a zero-day vulnerability was reported in the Windows Operating System which, when exploited, allows an attacker to authenticate to a domain controller. The attack targets the Windows Local Security Authority (LSA) and when combined with NTLM relay attacks, is considered highly effective. This vulnerability appears to have been re-introduced due to a Microsoft patch and is considered related to the PetitPotam NTLM attack which was first reported in August 2021.

Does Blue Prism uses NTLM protocol? If so, can LDAP be used in place of NTLM for authentication. I believe this question applies to the Windows Server as well as the DB Server.

------------------------------
Terry Woods
CEO
RPA Implementation, Inc.
America/Toronto
------------------------------

steven.boggs · ‎20-06-22

Hi Terry,

Our Application Server documentation goes into some detail about how NTLM can be used in Blue Prism, but it is not a default setting.

The Authentication Server documentation describes how LDAP can be used in Blue Prism as well.

As part of the Windows Update changes introduced in a January 11th patch that removed the default fail-over to use NTLM in lieu of Kerberos, Service Principal Names must be defined for Kerberos authentication as outlined in this documentation here.

------------------------------
Steve Boggs
Senior Product Support Engineer
Blue Prism
Austin, TX
------------------------------

SS&C Blue Prism Community

10 May 2022, zero day vulnerability in the Windows Operating System