Microsoft Defender for Identity now detects PrintNightmare attacks

CyberTech

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Microsoft has added support for PrintNightmare exploitation detection to Microsoft Defender for Identity to help Security Operations teams detect attackers' attempts to abuse this critical vulnerability.

As revealed by Microsoft program manager Daniel Naim, Defender for Identity now identifies Windows Print Spooler service exploitation (including the actively exploited CVE-2021-34527 PrintNightmare bug) and helps block lateral movement attempts within an org's network.

If successfully exploited, this critical flaw enables attackers to take over affected servers by elevating privileges to Domain Administrator, stealing domain credentials, and distribute malware as a Domain Admin via remote code execution (RCE) with SYSTEM privileges.

Microsoft Defender for Identity (previously known as Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that leverages on-premises Active Directory signals.
This allows SecOps teams to detect and investigate compromised identities, advanced threats, and malicious insider activity targeting enrolled orgs.

Defender for Identity is bundled with Microsoft 365 E5 but, if you don't have a subscription already, you can get a Security E5 trial right now to give this new feature a spin.
Click to expand...

The rest
www.bleepingcomputer.com

Microsoft Defender for Identity now detects PrintNightmare attacks

Microsoft has added support for PrintNightmare exploitation detection to Microsoft Defender for Identity to help Security Operations teams detect attackers' attempts to abuse this critical vulnerability.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Applause
Reactions: Andrew999, upnorth, SumTingWong and 15 others
Nightwalker

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,348
Gandalf_The_Grey said:
Yes, that is always a huge disappointment when reading news like this.
Click to expand...
Yeah, but the majority of those protections are much more useful in enterprise environment, after all the home user usually is much less susceptible to those kind of attacks and "Tuesday Patch" should be enough in most cases.
 
  • Like
Reactions: Venustus, CyberTech, Gandalf_The_Grey and 2 others
Nightwalker

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,348
Off topic rant

Oh how not to feel "grateful" for the researchers who made all this fuss again in a totally responsible way, never motivated by the ego, totally focused on improving the security of the user and companies in general, so much so that they made a point of explaining how this affects a home user rather than throwing him into unnecessary paranoia through feeding flashy news.

How can you not be grateful for those researchers who worked directly with Microsoft to verify that the vulnerability is fixed before disclosing more information to criminals to prepare for targeted attacks?

How not to admire these researchers right? right?
 
Last edited:
  • Like
  • Applause
Reactions: oldschool, [correlate], South Park and 5 others
CyberTech

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Since employees have switched to remote working during the COVID-19 pandemic, home printers and removable devices have expanded the attack surface to their companies' data and daily business operations.

To address this increased security exposure, Microsoft has added new removable storage device and printer controls to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus.

These new capabilities available in the enterprise endpoint security platform (previously known as Microsoft Defender Advanced Threat Protection) will allow access restrictions to removable devices and blocking printing tasks via non-corporate or non-approved printers.

"We are excited to announce new device control capabilities in Microsoft Defender for Endpoint to secure removable storage scenarios on Windows and macOS platforms and offer an additional layer of protection for printing scenarios," Microsoft said.
Click to expand...

The rest
www.bleepingcomputer.com

Microsoft Defender ATP now secures removable storage, printers

Microsoft has added new removable storage device and printer controls to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
Reactions: Yanick, oldschool, Venustus and 4 others

Similar threads

[correlate]
    • Like
Security News Critical PHP RCE vulnerability mass exploited in new attacks
Replies
0
Views
808
Security News
[correlate]
[correlate]
M
    • Like
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Replies
0
Views
1,137
Microsoft Defender
Microsoft Threat Intelligence
M
S
New Microsoft guidance for the DoD Zero Trust Strategy
Replies
1
Views
1,137
Microsoft Defender
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top