744b05b3-e1aa-47d0-b4ca-0d327bd6ab3d
PetitPotam abuses the Encrypting File System (MS-EFSRPC) protocol, which is designed for performing maintenance and management operations on encrypted data that is stored remotely and accessed over a network. An unauthenticated attacker can use PetitPotam to get a targeted server to connect to their server and perform NTLM authentication.
https://www.bleepingcomputer.com/news/microsoft/new-petitpotam-attack-allows-take-over-of-windows-domains/
https://thehackernews.com/2021/07/new-petitpotam-ntlm-relay-attack-lets.html
Microsoft has provided more detailed mitigation instructions in a separate KB article, KB5005413. Microsoft's "preferred mitigation" is disabling NTLM authentication on a Windows domain controller.
Keep in mind that disabling NTLM authentication may break legacy apps or connections to older versions of Windows, as such some testing is recommended.
GroupPolicy Editor: Local Computer Policy / Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options / Network Security: Restrict NTLM: Incomming NTLM traffic [Set to:] Deny all accounts