Tech

Microsoft Defender gears up against Windows credential theft

Deepak GuptaFebruary 15, 2022
0

Microsoft Defender has just acquired a new tool to protect against Windows credential theft. To do this, the software will activate an ASR (Attack Surface Reduction) rule by default.

microsoft defender
Credits: Microsoft

Launched in November 2021, Windows Defender has a new utility called Microsoft Defender. It notably includes the detection and remediation services of Microsoft 365 Defender and Azure Defender. With this added weight, Windows Defender now offers “the greatest resource coverage of any XDR solution in the industry.”

For memory, XDR solutions enable rapid response to cyberattacks through machine learning algorithms and observable analytics of user data in the cloud. And precisely, the Microsoft antivirus software will receive a new tool, to prevent this time Windows credential theft.

As the Redmond firm explains, one of the most common techniques for stealing Windows credentials is gain administrator privileges on a compromised devicethen dump the memory of the Local Security Authority Server Service (LSAS) process running in Windows.

Also read: Windows Defender – you will soon be able to control your PC security on Android and iOS

Microsoft Defender enables an ASR rule by default

To prevent attackers from abusing LSASS core dumps, Microsoft has introduced mechanisms blocking access to the LSASS process. The first of these is none other than Credancial Guard. Its job is to isolate the LSASS process in a virtualized container to prevent other processes from accessing it.

However, Credential Guard can conflict with drivers or applications, leading some companies to disable it. So to avoid Windows ID theft and possible conflicts between apps and Credential GuardMicrosoft will soon enable by default an attack surface reduction rule (ASR for Attack Surface Reduction) in Microsoft Defender.

Indeed, the “Block Credential stealing from the Windows local security authority subsystem” rule prevents processes from opening the LSASS process and clearing its memory, even if an attacker has administrative privileges. “The Attack Surface Reduction (ASR) “Block Credential stealing from the Windows local security authority subsystem” default state is changed from Not Configured to Configured and the default mode is set to Block. All other ASR rules will remain in their default state: Not Configured”, explains Microsoft in its ASR rules document.

Source: Bleeding Computer

We have other articles that may interest you:
  1. Why you won’t find a PS5 during Amazon Prime Days
  2. Black Friday 2021 kicks off on Amazon with several historical lows
  3. Samsung Introduces Industry’s First LPDDR5X Memory
  4. The Realme 9 5G reveals its technical sheet before its release
  5. These actors have given life to video game characters in the cinema
  6. How to convert a JPG or PNG image to a PDF file
Deepak GuptaFebruary 15, 2022
0

Related Articles

Tachyum Prodigy, a 128-core CPU with a TDP of almost 1,000 watts

June 13, 2022

These are the best Disney+ Moon Knight Funkos

April 18, 2022

The Xiaomi Note 11 Pro at a bargain price at AliExpress for the winter sales!

January 12, 2023

These Are The 4 Deleted Scenes You Didn’t See In Thor: Love And Thunder

September 10, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *