Security News > 2020 > November > Microsoft Defender for Identity now detects Zerologon attacks

Microsoft has added support for Zerologon exploitation detection to Microsoft Defender for Identity to allow Security Operations teams to detect on-premises attacks attempting to abuse this critical vulnerability.
Microsoft Defender for Identity is a cloud-based security solution designed to leverage on-premises Active Directory signals to detect and analyze compromised identities, advanced threats, and malicious insider activity targeting an enrolled organization.
"Microsoft Defender for Identity can detect this vulnerability early on," Microsoft program manager Daniel Naim said.
"Finally, customers using Microsoft 365 Defender can take full advantage of the power of the signals and alerts from Microsoft Defender for Identity, combined with behavioral events and detections from Microsoft Defender for Endpoint," Naim added.
Since the initial advisory regarding Zerologon patching was confusing, Microsoft clarified the steps admins have to take to protect devices against attacks.