Microsoft Defender Is About To Make It Tougher For Hackers To Steal Windows Passwords

Passwords get compromised every day through devices, services, and operating systems. Microsoft's operating system, Windows, is no different. To help combat this, Microsoft's antivirus utility, Defender, is getting a new (and much welcomed) default policy setting.

Building on Microsoft's recent security efforts, the Redmond tech giant is adding to its arsenal of changes to improve enterprise security. The modification to Windows Defender, at least on Enterprise and Pro editions of Windows, is within a policy known as Attack Surface Reduction (a.k.a. ASR). This policy, disabled by default in the past, will now be enabled on most enterprise Windows devices. The change to the default policy was spotted this week by Twitter user Kostas.

When the ASR policy is not enabled, processes can open a handle to LSASS (the Local Security Authority Subsystem Service), which would allow an attacker to read password hashes from its memory. These hashes can then be cracked offline, or simply forwarded to other systems or processes. Doing so can effectively grant access, including administrative-level access, to devices that share passwords or that use Active Directory to log in the same users across the same network. All of this means that the safest course of action is simply not to allow access to the process, and enabling this policy does exactly that.

Though this is not as extreme a modification as disabling all downloaded macros in Microsoft Office files by default on Enterprise, it is a step in the right direction for security. It is worth mentioning that if an organization uses a security solution that replaces Microsoft Defender, the ASR policy will remain disabled by default. The policy stays disabled alongside alternative products because most of those solutions already protect the LSASS process on their own.
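To make the two points above concrete, here is an added PowerShell example (not from the article, and not Microsoft's own tooling) that checks whether Defender is the active engine, reports the state of the LSASS ASR rule, optionally turns it on in audit or block mode, and pulls the Defender events that record the rule firing. It assumes Microsoft's published rule GUID for "Block credential stealing from the Windows local security authority subsystem" (9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2), the `Get-MpComputerStatus`, `Get-MpPreference` and `Add-MpPreference` cmdlets of the Defender module, and the Defender Operational log event IDs 1121 (blocked) and 1122 (audited). The function name `Test-LsassAsrRule` and its `-Enforce` switch are the example's own.

```powershell
# Added example: audit and (optionally) enable the Defender ASR rule that blocks
# credential access to lsass.exe. Run from an elevated PowerShell session.

# Microsoft's rule identifier for "Block credential stealing from the Windows
# local security authority subsystem (lsass.exe)".
$LsassRuleId = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'

# Numeric action values stored in Get-MpPreference, mapped to readable names.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Test-LsassAsrRule {
    param(
        # -Enforce switches the rule to Block; without it the example only
        # moves the rule to Audit so that events can be reviewed first.
        [switch]$Enforce
    )

    # 1. Is Defender actually the active antimalware engine? When a third-party
    #    product replaces it, Defender runs in passive mode and does not enforce
    #    ASR rules, which is the caveat the article raises.
    $status = Get-MpComputerStatus
    if ($status.AMRunningMode -ne 'Normal') {
        Write-Warning "Defender is in '$($status.AMRunningMode)' mode; ASR rules are not enforced by Defender here."
    }

    # 2. Report the current state of the LSASS rule. The two arrays are parallel:
    #    Ids[i] is configured with Actions[i]. Wrap in @() because both are null
    #    when no rule has ever been configured.
    $prefs   = Get-MpPreference
    $ids     = @($prefs.AttackSurfaceReductionRules_Ids)
    $actions = @($prefs.AttackSurfaceReductionRules_Actions)
    $current = 'Not configured'
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $LsassRuleId) {       # -eq is case-insensitive for strings
            $code = [int]$actions[$i]
            $current = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] } else { "Unknown($code)" }
        }
    }
    Write-Host "LSASS credential-theft ASR rule: $current"

    # 3. Enable the rule if it is not already in the requested mode.
    $wanted = if ($Enforce) { 'Enabled' } else { 'AuditMode' }
    $wantedName = if ($Enforce) { 'Block' } else { 'Audit' }
    if ($current -ne $wantedName -and -not ($Enforce -eq $false -and $current -eq 'Block')) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $LsassRuleId `
                         -AttackSurfaceReductionRules_Actions $wanted
        Write-Host "Rule set to $wantedName."
    }

    # 4. Show recent Defender events where this rule fired. 1121 = blocked,
    #    1122 = audited. Each event's message carries the rule GUID, so filter on it.
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = @(1121, 1122)
    } -MaxEvents 200 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $LsassRuleId }

    foreach ($e in $events) {
        $kind = if ($e.Id -eq 1121) { 'BLOCKED' } else { 'AUDITED' }
        # The message text names the process that tried to open lsass.exe;
        # that is the process to investigate or allow-list, not LSASS itself.
        Write-Host ("{0} {1}: {2}" -f $e.TimeCreated, $kind, ($e.Message -split "`n")[0])
    }
    return $current
}

# Usage: audit first, review the events, then run with -Enforce to block.
Test-LsassAsrRule
```

Running the function in audit mode for a while before passing `-Enforce` is the practical way to surface the legacy software the article mentions: every 1122 event names a process that would have been blocked, so an administrator can decide whether it is a legitimate tool that needs an ASR exclusion or something that should never be touching LSASS.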

We view all of the security-focused changes Microsoft has been pushing lately as good, even if some of them cause problems at first. In the past, system administrators may have disabled this policy because of legacy software that might need access to the LSASS process. However, according to security researchers today, there is no good reason for a modern application to need access to the LSASS process. So kudos to Microsoft for making the policy change in Defender.