Security News

Microsoft is enabling a Microsoft Defender 'Attack Surface Reduction' security rule by default to block hackers' attempts to steal Windows credentials from the LSASS process. While Microsoft Defender blocks programs like Mimikatz, an LSASS memory dump can still be transferred to a remote computer to dump credentials without fear of being blocked.

Microsoft is enabling a Microsoft Defender 'Attack Surface Reduction' security rule by default to block hackers' attempts to steal Windows credentials from the LSASS process. One of the most common methods to steal Windows credentials is to gain admin privileges on a compromised device and then dump the memory of the Local Security Authority Server Service process running in Windows.

Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine. After finding out what folders were added to the antivirus exclusion list, attackers could deliver and execute malware from an excluded folder on a compromised Windows system without having to fear that its malicious payload will be detected and neutralized.

In a support document updated today, Microsoft stated that Windows 10 20H2 will reach EOS on May 10, 2022. "These editions will no longer receive security updates after May 10, 2022. Customers who contact Microsoft Support after this date will be directed to update their device to the latest version of Windows 10 to remain supported," Microsoft explained.

Exe in Windows Server in favor of Windows PowerShell, which also includes the ability to query Windows Management Instrumentation. "The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 General Availability Channel release of Windows Server. This tool is superseded by Windows PowerShell for WMI," explains the list of deprecated Windows features.

Microsoft on Monday said it's taking steps to disable Visual Basic for Applications macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector. "Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access," Kellie Eickmeyer said in a post announcing the move.

Microsoft has drastically reduced Microsoft Teams' power requirements in calls and meetings since June 2020, improving experience consistency and making it more friendly with low-end devices. Robert Aichner, a Principal Group Program Manager at Microsoft, said today that Microsoft Teams now uses up to 50% less power during energy-intensive scenarios like meetings between more than 10 participants where all of them have video toggled on.

Microsoft for its February Patch Tuesday gave Windows admins just 51 fixes to apply, the smallest number of patches since the meager ration of 44 in August 2021. Perhaps more noteworthy is that there's not a single critical CVE listed in the February patch list.

Microsoft on Tuesday rolled out its monthly security updates with fixes for 51 vulnerabilities across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k. Among the 51 defects closed, 50 are rated Important and one is rated Moderate in severity, making it one of the rare Patch Tuesday updates without any fixes for Critical-rated vulnerabilities.

Oh, blessed day: Microsoft's Patch Tuesday is a featherweight in comparison to some of its not-atypical, 10-ton security updates, with just 51 patches - none of them rated critical. February's patch-a-palooza is light not just in number of CVEs, but also in that it comes with nary a single patch that's labeled critical.