Windows admins get new tools against pass-the-hash attacks

Status
Not open for further replies.

Petrovic

Last Patch Tuesday, Microsoft released security updates that brought some of the pass-the-hash (PtH) mitigations introduced in Windows Server 2012 R2 and Windows 8.1 to Windows Server 2008 R2 and Windows 7. This is great news for computer admins fighting the good fight against credential thieves.

Both version 1.0 of the PtH white paper and "Best Practices for Securing Active Directory" came out before Microsoft had pushed out the new Windows PtH mitigations. Still, they contain useful information you won't find anywhere else, including recommendations you should definitely follow. In particular, the Active Directory white paper contains the "secrets" to maintaining a very low-risk Active Directory environment. Learn it and you'll be an AD security expert, too.

In Windows 2012 R2 and Windows 8.1 releases, Microsoft released a slew of new features specifically created to stop or minimize PtH attacks, which version 2 of the PtH white paper covers in good detail. Here's a recap of the new Windows PtH mitigations:

  • Strengthened LSASS to prevent hash dumps
  • Many processes that once stored credentials in memory no longer do so
  • Better methods to restrict local accounts from going over the network
  • Programs are prevented from leaving credentials in memory after a user logs out
  • Allows Remote Desktop Protocol (RDP) connections without putting the user's credentials on the remotely controlled computer
  • A new Protected Users group, with members' credentials that can't be used in remote PtH attacks
  • Several other OS changes that make PtH attacks far more difficult to achieve

Most of these protections are now available in all of Microsoft's supported operating systems. If your company is worried about PtH attacks, you should implement these mitigations. Yes, hackers and malware writers are already working overtime to defeat these defenses, but enabling them can only help you and reduce risk.
