Password theft is undoubtedly one of the biggest problems we face on the Internet. In this article we are going to explain how Microsoft is going to make the keys more protected in Windows. They have reinforced security to make it more difficult for them to end up in the wrong hands and have intruders in our accounts and online services.
Windows Defender will better protect passwords
Undoubtedly, Windows Defender has established itself in recent years as one of the best and most widely used antiviruses on Microsoft systems. It is free and has the advantage that it is integrated into the system itself, so users with less experience will not have to install or configure anything.
It now includes a new rule that they consider very important to increase the security of their antivirus. They want to block an attempt by hackers to steal Windows passwords and thus allow intruders to enter.
Let’s talk about LSASS.exe first, a process that you can see if you go into the Task Manager. What this process does is authenticate users who log in to the system. It is protected by a feature of Windows Defender called Credential Guard, but it is not supported by all programs.
What does this mean? For example it is not implemented in card drivers. If an attacker were to exploit the system, he could access that process through certain tools such as Mimikatz and could dump the usernames and passwords that are stored.
The problem is that Windows Defender does not block this access since LSASS.exe is a legitimate process. What it does is detect applications that can maliciously access that process. But of course, it does not prevent that dump of usernames and passwords. That’s where the whole problem is.
New rule to avoid attacks
What Microsoft has done is include a new rule in Windows Defender to minimize the attack surface. Basically what it does is protect the LSASS.ese process from illegitimate and unauthorized access. They have called this new rule Attack Surface Reduction (ASR).
The rule is responsible for preventing programs from opening LSASS and thus preventing them from dumping usernames and passwords. In addition, the blocking is done even if it is a program that has elevated privileges. But best of all, the rule will be configured by default, so you won’t have to do anything.
Your Windows passwords will now be more protected. You just have to always make sure you have the latest versions installed. In this way you can access the latest developments in terms of performance and security of Microsoft systems. This will allow you to protect your equipment to the maximum.
However, although Microsoft now protects passwords better, it is important that you follow guidelines to avoid security problems. It is essential to avoid malware or fall into the trap of Phishing attacks and the like that can steal your passwords. You can use the USBStealer tool to test your keys on Windows.