Security News

Microsoft's standalone Defender for Business hits GA
2022-05-03 14:00

Microsoft has made a standalone version of Microsoft Defender for Business generally available, aimed at customers not keen on paying for one of its subscriptions. The product is already bundled with Microsoft 365 Business Premium but can now be picked up as a standalone product for $3 per user per month, as we reported from Ignite late last year.

Microsoft Defender for Business stand-alone now generally available
2022-05-02 18:34

Microsoft says that its enterprise-grade endpoint security for small to medium-sized businesses is now generally available as a standalone solution. Known as Microsoft Defender for Business, this product is designed for SMBs with up to 300 employees who need protection against malware, phishing, and ransomware attacks on Windows, macOS, iOS, and Android devices.

Microsoft Defender flags Google Chrome updates as suspicious
2022-04-20 15:02

Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue. According to Windows system admins' reports [1, 2, 3, 4], the security solution began marking Chrome updates as suspicious starting last evening.

How Microsoft blocks vulnerable and malicious drivers in Defender, third-party security tools and in Windows 11
2022-04-07 21:50

While there are some malicious drivers that are deliberately crafted to compromise PCs, most problems come from a small number of legitimate drivers with accidental flaws in them, said David Weston, VP of Enterprise and OS Security at Microsoft. "Think about some of the driver cases recently where a certificate leaked from a giant vendor. If we revoke that, everyone's devices may stop working. We need more of a precision mechanism to do blocking while we work towards the longer approach of revocation. The Vulnerable Driver Block List allows the user to do that with a very precise list that Microsoft has validated. We look at things like how many devices would stop working? Have we worked with a vendor to have a fix? We think the list is a good balance for folks who want security, but also want the confidence that Microsoft has done the telemetry and analysis."

Detailed: Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT
2022-03-30 02:18

SentinelOne this week detailed a handful of bugs, including two critical remote code execution vulnerabilities, it found in Microsoft Azure Defender for IoT. These security flaws, which took six months to address, could have been exploited by an unauthenticated attacker to compromise devices and take over critical infrastructure networks. Microsoft Azure Defender for IoT is supposed to detect and respond to suspicious behavior as well as highlight known vulnerabilities, and manage patching and equipment inventories, for Internet-of-Things and industrial control systems.

Microsoft Defender tags Office updates as ransomware activity
2022-03-16 18:20

Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems. Following the surge of reports, Microsoft confirmed the Office updates were mistakenly marked as ransomware activity due to false positives.

Microsoft tests new cloud-based Microsoft Defender for home users
2022-03-09 20:32

Microsoft has announced that the company's new cloud-based Microsoft Defender security solution has entered preview for home customers in the United States. While Microsoft paints a pretty picture of Microsoft Defender Preview's capabilities, in reality, the application is in its very early stages.

Microsoft adds GCP to Defender for Cloud
2022-02-23 17:29

Microsoft Defender's tentacles have spread to include the Google Cloud Platform and beefed up visibility with a public preview of CloudKnox Permissions. The addition of GCP was a while coming after Microsoft confirmed the arrival of Defender for Cloud on Amazon Web Services at its Ignite event in November.

Microsoft Defender for Cloud can now protect Google Cloud resources
2022-02-23 14:00

Microsoft announced today that Microsoft Defender for Cloud now also comes with native protection for Google Cloud Platform environments, providing security recommendations and threat detection across clouds. Defender for Cloud is a security solution that monitors cloud services for threats, makes recommendations to harden security posture, and detects and warns of vulnerabilities in protected multi-cloud and hybrid environments.

Microsoft Defender will soon block Windows password theft
2022-02-13 20:00

Microsoft is enabling a Microsoft Defender 'Attack Surface Reduction' security rule by default to block hackers' attempts to steal Windows credentials from the LSASS process. While Microsoft Defender blocks programs like Mimikatz, an LSASS memory dump can still be transferred to a remote computer to dump credentials without fear of being blocked.