Microsoft Defender for Identity now detects PrintNightmare attacks

CyberTech

Microsoft has added support for PrintNightmare exploitation detection to Microsoft Defender for Identity to help Security Operations teams detect attackers' attempts to abuse this critical vulnerability.

As revealed by Microsoft program manager Daniel Naim, Defender for Identity now identifies Windows Print Spooler service exploitation (including the actively exploited CVE-2021-34527 PrintNightmare bug) and helps block lateral movement attempts within an org's network.

If successfully exploited, this critical flaw enables attackers to take over affected servers by elevating privileges to Domain Administrator, stealing domain credentials, and distributing malware as a Domain Admin via remote code execution (RCE) with SYSTEM privileges.

Microsoft Defender for Identity (previously known as Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that leverages on-premises Active Directory signals.
This allows SecOps teams to detect and investigate compromised identities, advanced threats, and malicious insider activity targeting enrolled orgs.

Defender for Identity is bundled with Microsoft 365 E5 but, if you don't have a subscription already, you can get a Security E5 trial right now to give this new feature a spin.


Nightwalker

Yes, that is always a huge disappointment when reading news like this.
Yeah, but the majority of those protections are much more useful in enterprise environments; after all, the home user is usually much less susceptible to those kinds of attacks, and "Patch Tuesday" should be enough in most cases.
 

Nightwalker

Off topic rant

Oh, how not to feel "grateful" for the researchers who made all this fuss again in a totally responsible way, never motivated by ego, totally focused on improving the security of users and companies in general, so much so that they made a point of explaining how this affects a home user rather than throwing him into unnecessary paranoia by feeding flashy news.

How can you not be grateful for those researchers who worked directly with Microsoft to verify that the vulnerability is fixed before disclosing more information to criminals to prepare for targeted attacks?

How not to admire these researchers, right? Right?

CyberTech

Since employees have switched to remote working during the COVID-19 pandemic, home printers and removable devices have expanded the attack surface to their companies' data and daily business operations.

To address this increased security exposure, Microsoft has added new removable storage device and printer controls to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus.

These new capabilities, available in the enterprise endpoint security platform (previously known as Microsoft Defender Advanced Threat Protection), will allow restricting access to removable devices and blocking printing tasks via non-corporate or non-approved printers.

"We are excited to announce new device control capabilities in Microsoft Defender for Endpoint to secure removable storage scenarios on Windows and macOS platforms and offer an additional layer of protection for printing scenarios," Microsoft said.
