Security News > 2023 > March > Microsoft enables LSA protection by default in Windows Canary build

Microsoft says the latest Windows 11 build rolling out to Insiders in the Canary channel will enable Local Security Authority protection by default.

LSA protection is crucial for safeguarding against the theft of sensitive information or login credentials by blocking untrusted code injection into the LSA process and blocking process memory dumping.

Windows Insiders can check if LSA protection is enabled on their systems by opening the Windows Security app and going to the Device Security > Core Isolation page.

In February 2022, Microsoft also said that it would enable a Microsoft Defender 'Attack Surface Reduction' security rule by default to block attempts to steal Windows credentials from the Local Security Authority Subsystem Service process.

The Windows 11 Insider Preview Build 25314 rolling out today to Insiders in the Canary Channel further increases Windows 11 security by disabling the Remote Mailslot Protocol by default.

Today, Microsoft also released a new Windows 11 preview build to the rebooted Dev Channel, which comes with multiple new features, including a new notification toast button to copy 2FA codes, File Explorer access keys, and a new VPN status indicator.

News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-enables-lsa-protection-by-default-in-windows-canary-build/