Security News

While there are some malicious drivers that are deliberately crafted to compromise PCs, the most problems come from a small number of legitimate drivers with accidental flaws in, said David Weston, VP of Enterprise and OS Security at Microsoft. "Think about some of the driver cases recently where a certificate leaked from a giant vendor. If we revoke that, everyone's devices may stop working. We need more of a precision mechanism to do blocking while we work towards the longer approach of revocation. The Vulnerable Driver Block List allows the user to do that with a very precise list that Microsoft has validated. We look at things like how many devices would stop working? Have we worked with a vendor to have a fix? We think the list is a good balance for folks who want security, but also want the confidence that Microsoft has done the telemetry and analysis."

SentinelOne this week detailed a handful of bugs, including two critical remote code execution vulnerabilities, it found in Microsoft Azure Defender for IoT. These security flaws, which took six months to address, could have been exploited by an unauthenticated attacker to compromise devices and take over critical infrastructure networks. Microsoft Azure Defender for IoT is supposed to detect and respond to suspicious behavior as well as highlight known vulnerabilities, and manage patching and equipment inventories, for Internet-of-Things and industrial control systems.

Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems. Following the surge of reports, Microsoft confirmed the Office updates were mistakenly marked as ransomware activity due to false positives.

Microsoft has announced that the company's new cloud-based Microsoft Defender security solution has entered preview for home customers in the United States. While Microsoft paints a pretty picture of Microsoft Defender Preview's capabilities, in reality, the application is in its very early stages.

Microsoft Defender's tentacles have spread to include the Google Cloud Platform and beefed up visibility with a public preview of CloudKnox Permissions. The addition of GCP was a while coming after Microsoft confirmed the arrival of Defender for Cloud on Amazon Web Services at its Ignite event in November.

Microsoft announced today that Microsoft Defender for Cloud now also comes with native protection for Google Cloud Platform environments, providing security recommendations and threat detection across clouds. Defender for Cloud is a security solution that monitors cloud services for threats, makes recommendations to harden security posture, and detects and warns of vulnerabilities in protected multi-cloud and hybrid environments.

Microsoft is enabling a Microsoft Defender 'Attack Surface Reduction' security rule by default to block hackers' attempts to steal Windows credentials from the LSASS process. While Microsoft Defender block programs like Mimikatz, a LSASS memory dump can still be transferred to a remote computer to dump credentials without fear of being blocked.

Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine. After finding out what folders were added to the antivirus exclusion list, attackers could deliver and execute malware from an excluded folder on a compromised Windows system without having to fear that its malicious payload will be detected and neutralized.

Microsoft says threat and vulnerability management support for Android and iOS has reached general availability in Microsoft Defender for Endpoint, the company's enterprise endpoint security platform."Threat and vulnerability management in Microsoft Defender for Endpoint continuously monitors and identifies impacted devices, assesses associated risks in the environment, and provides intelligent prioritization and integrated workflows to seamlessly remediate vulnerabilities."

Microsoft Defender for Business, a new endpoint security solution specially built for small and medium-sized businesses, is now rolling out in preview worldwide.Microsoft first announced Defender for Business last month and released it in response to the 300% increase in ransomware attacks in the previous year, with over 50% of them directly impacting SMBs, according to US Secretary of Homeland Security Alejandro Mayorkas.