Windows Defender for Identity Now Detects Zerologon Attacks

Security is a very important factor when using our devices. Sometimes vulnerabilities arise that can compromise us and put our data at risk. Today we report an important piece of news: Windows Defender for Identity, the cloud version of the popular Microsoft antivirus, has added detection for Zerologon attacks.

Windows Defender for Identity detects Zerologon attacks

In recent months we have seen various news items about Zerologon attacks. Zerologon is a vulnerability that affects the Windows Remote Protocol and that was detected by the software giant in August. Since then we have seen different attack campaigns that take advantage of this problem.

Fortunately, this security flaw is corrected on systems that are properly updated. The problem is that many computers today still do not have the latest versions and are therefore vulnerable to it.

Now Microsoft has added support for detecting Zerologon exploitation. Users who have Windows Defender for Identity will be able to take advantage of this new feature and receive alerts when someone tries to exploit this security flaw to compromise their systems.

Alerts displayed whenever a Zerologon exploit or related activity is detected will allow SecOps teams to quickly obtain information about the device or domain controller behind the attack attempts.

Additionally, as Microsoft Program Manager Daniel Naim points out, users of Microsoft 365 Defender can take full advantage of the power of Microsoft Defender for Identity signals and alerts, combined with behavioral events and Microsoft Defender for Endpoint detections.

He notes that this coordinated protection makes it possible not only to observe Netlogon exploitation attempts through network protocols, but also to see the device process and file activity associated with that exploitation.

The best defense: updates

However, even if we use security tools that can protect our systems and help avoid problems of this type, the best defense is without a doubt to have the latest updates installed. Security patches correct the flaws that intruders could otherwise exploit to access our computers.

In the case of Zerologon, it is essential to have the Microsoft system correctly updated. Patches that fix the problem have been available since August but, as we said, many computers are still not properly protected today.

We always recommend keeping equipment updated with the latest versions. This applies to the operating system itself, as well as to the different programs that we use. Updating is vital to avoid problems that may affect us, and it also helps make the most of the available resources and keeps systems working as well as possible.

Ultimately, Windows Defender for Identity is now capable of detecting Zerologon attacks, a problem that affects Microsoft systems. Of course, beyond being able to count on this detection, the ideal is to have the patches correctly installed.