
Microsoft Defender

All articles tagged with #microsoft defender

technology, 1 year ago

Why You Should Ditch Third-Party Antivirus Software

The U.S. Department of Commerce has banned Kaspersky software, preventing it from providing updates to U.S. customers. Despite the prevalence of third-party antivirus software, built-in protections like Microsoft Defender are now highly effective, making additional paid antivirus programs largely unnecessary. Older Americans are more likely to pay for these services out of habit, but modern default protections are sufficient for most users.

technology, 1 year ago

"Enabling Windows' Built-In Ransomware Protection"

Ransomware is a serious threat, but Windows users can activate built-in protection through Microsoft Defender by enabling Controlled folder access and ensuring they are logged into OneDrive for automatic backups. While this may cause some inconvenience, such as blocking access to certain folders, it provides an additional layer of defense against ransomware attacks. Users can also consider upgrading their antivirus software for more comprehensive protection.

cybersecurity, 2 years ago

"Windows SmartScreen Vulnerability Exploited to Deliver Phemedrone Malware and Information Stealer"

A new information-stealing malware called Phemedrone is exploiting a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts and harvest data from web browsers, cryptocurrency wallets, and various software applications. The flaw, fixed during November 2023 Patch Tuesday, allows attackers to trick victims into opening malicious URL files, leading to the execution of a PowerShell loader and the theft of sensitive information. Trend Micro reports that Phemedrone targets a wide range of applications and data, and has published indicators of compromise for this campaign.

technology, 2 years ago

Windows 11 23H2 Update: Performance Loss, Trusty Defender, and Copilot Delay

Users have reported performance losses and issues with games after upgrading to Windows 11 23H2. Reddit and Microsoft forum threads highlight CPU performance degradation, random stuttering, frame drops, and texture loading issues. Resetting the Windows Security app and enabling CPU virtualization in BIOS, along with enabling Memory Integrity under Core Isolation settings, seem to resolve the performance problems for some users. Further investigation is needed to determine the root cause of these issues.

technology, 2 years ago

"Microsoft's Defender Bounty Program: Earn up to $20,000 for Finding Bugs"

Microsoft has launched a bug bounty program called Microsoft Defender Bounty Program, offering rewards ranging from $500 to $20,000 for identifying vulnerabilities in the Microsoft Defender security platform. The program is currently limited to Microsoft Defender for Endpoint APIs but is expected to expand to include other Defender products in the future. The highest reward is for critical severity remote code execution vulnerabilities. Microsoft paid $58.9 million in rewards to security researchers worldwide across 22 bug bounty programs.

technology, 2 years ago

Microsoft Defender: Enhanced Auto-Isolation and Autonomous Protection

Microsoft Defender for Endpoint has introduced an automatic attack disruption feature that isolates compromised user accounts to prevent lateral movement in hands-on-keyboard attacks. This capability temporarily contains suspicious identities, preventing attackers from using them to escalate privileges, move laterally, steal credentials, exfiltrate data, or perform remote encryption. When an initial stage of a human-operated attack is detected, the feature blocks the attack on the affected device and inoculates other devices within the organization by blocking incoming malicious traffic. Since its introduction, over 6,500 devices have been protected from ransomware campaigns. Defender for Endpoint can also isolate hacked and unmanaged Windows devices, preventing lateral movement within networks.

technology, 2 years ago

Microsoft Defender misidentifies legitimate URLs as malware

Microsoft Defender is mistakenly flagging legitimate links as malicious, causing some customers to receive dozens of alert emails. The company is investigating the issue as a false positive and has confirmed that users can still access the legitimate URLs despite the false positive alerts. Microsoft is reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan. The impact is specific to any admin served through the affected infrastructure.