1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft is hoping to make it tougher to steal Windows passwords

    From TechnologyDaily@1337:1/100 to All on Mon Feb 14 12:45:04 2022
    Microsoft is hoping to make it tougher to steal Windows passwords

    Date:
    Mon, 14 Feb 2022 12:28:37 +0000

    Description:
    Microsoft Defender wants to stop applications from opening the LSASS process, even with admin privileges.

    FULL STORY ======================================================================

    A cybersecurity rule sitting in Microsofts antivirus program will soon run by default, in a bid to prevent threat actors from stealing Windows credentials
    .

    Cybersecurity researcher Kostas first spotted the change in an update to Microsofts Attack Surface Reduction (ASR) rules.

    Threat actors usually steal credentials or use various exploits in order to move laterally through an already compromised network. One way to go about this business is to get admin access, then dump the memory of the Local Security Authority Server Service (LSASS) process, as it holds NTLM hashes of Windows credentials. Driver conflicts

    These can later be brute-forced, but in order to keep LSASS memory dumps away from prying eyes, Microsoft prevents access to it, through the Credential Guard, which isolates the process in a virtualized container.

    However, as BleepingComputer notes, the feature sometimes results in driver conflicts on the endpoints , which is why many organizations choose not to enable it.

    Now, to work around this issue, Microsoft will enable an ASR rule, called Block credential stealing from the Windows local security authority
    subsystem, by default.

    It prevents processes from opening the LSASS process, even with admin privileges. Read more

    Microsoft 365 exploit could give attackers access to all your emails



    Microsoft is letting users say goodbye to passwords



    Microsoft Edges half-baked password manager might now be worth a look

    "The default state for the Attack Surface Reduction (ASR) rule Block credential stealing from the Windows local security authority subsystem (lsass.exe) will change from Not Configured to Configured and the default
    mode set to Block. All other ASR rules will remain in their default state:
    Not Configured.," the updated document reads.

    "Additional filtering logic has already been incorporated in the rule to reduce end user notifications. Customers can configure the rule to Audit,
    Warn or Disabled modes, which will override the default mode. The functionality of this rule is the same, whether the rule is configured in the on-by-default mode, or if you enable Block mode manually. " You might also want to check out our list of the best identity theft protection right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-is-hopingto-make-it-tougher-to-steal- windows-passwords/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)