Security News > 2020 > November > Microsoft Defender for Identity now detects Zerologon attacks
Microsoft has added support for Zerologon exploitation detection to Microsoft Defender for Identity to allow Security Operations teams to detect on-premises attacks attempting to abuse this critical vulnerability.
Microsoft Defender for Identity is a cloud-based security solution designed to leverage on-premises Active Directory signals to detect and analyze compromised identities, advanced threats, and malicious insider activity targeting an enrolled organization.
"Microsoft Defender for Identity can detect this vulnerability early on," Microsoft program manager Daniel Naim said.
"Finally, customers using Microsoft 365 Defender can take full advantage of the power of the signals and alerts from Microsoft Defender for Identity, combined with behavioral events and detections from Microsoft Defender for Endpoint," Naim added.
Since the initial advisory regarding Zerologon patching was confusing, Microsoft clarified the steps admins have to take to protect devices against attacks.
News URL
Related news
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)