Security News > 2021 > December > Microsoft: Secured-core servers help prevent ransomware attacks
Microsoft says the first Secured-core certified Windows Server and Microsoft Azure Stack HCI devices are now available to protect customers' networks from security threats, including ransomware attacks.
The newly certified Secured-core servers use Secure boot and the Trusted Platform Module 2.0 to ensure that only trusted will be able to load on boot.
By blocking credential theft attempts, Secured-core servers can help make it much harder for threat actors to move laterally through the network, thus stopping their attacks before they can gain persistence and deploy their payloads.
Secured-core servers would have stopped RobbinHood Ransomware operators from exploiting a vulnerable GIGABYTE driver to elevate privileges and install malicious unsigned Windows drivers.
Dozens of models with Secured-core server functionality are now available in the Azure Stack HCI catalog and the Windows Server Catalog lists.
Redmond first announced that Windows Server 2022 will expand Secured-core to the Windows Server platform when the new release entered preview in March.
News URL
Related news
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)