Microsoft Defender makes password protection more secure

Microsoft Defender is getting new features designed to make it much harder for attackers to steal password information from a system. Until now, this has sometimes been possible with manageable effort. Attackers attempt to create a copy of the memory area used by the Local Security Authority Subsystem Service (LSASS). It contains at least the NTLM hashes of the passwords of the users of a Windows system. Since most users do not choose overly complex passwords, it is quite possible to recover the plaintext passwords from these hashes using brute-force attacks.

Although Microsoft Defender already takes action against some malware that tries to create LSASS dumps and send them to its operators, there has been no suitable general solution so far. Windows itself offers the option of completely protecting the affected memory area from unauthorized access by placing it in its own container. However, this can lead to problems with various drivers or other applications, so many administrators leave this option disabled. This is according to a recent report from BleepingComputer.

ASR by default

Microsoft is therefore now configuring Defender so that the corresponding Attack Surface Reduction (ASR) rule is enabled by default. The rule prevents even processes running with administrator privileges from accessing the LSASS memory areas, so a dump cannot be created in the first place. The change has not yet been officially communicated by Microsoft.

However, a security researcher discovered it while familiarizing himself with the latest developments in Defender. The change is also a minor change of course for Microsoft: the ASR rule was previously not enabled by default because it left a relatively large number of entries in the event logs and thus caused confusion. This is now accepted in favor of greater security.
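
To see how the rule is set on a given machine and how many event-log entries it produces, an administrator can query Defender directly. The following is an added example, not part of the original report; the rule GUID and the event IDs 1121 (blocked) and 1122 (audited) are taken from Microsoft's ASR documentation rather than from this article, and the function names are hypothetical.

```powershell
# Added example: report the state of the LSASS credential-theft ASR rule
# and count the events it has written to the Defender operational log.
# Assumption: GUID and event IDs come from Microsoft's ASR documentation.
$LsassRuleId = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-LsassAsrState {
    # Get-MpPreference returns rule IDs and their actions as parallel arrays.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $LsassRuleId) {
            $a = [int]$actions[$i]
            if ($ActionNames.ContainsKey($a)) { return $ActionNames[$a] }
            return "Unknown ($a)"
        }
    }
    # Rule is not listed: nothing was set locally or by policy.
    return 'Not explicitly configured (product default applies)'
}

function Get-LsassAsrEvents {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122          # 1121 = blocked, 1122 = audited
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Keep only events that mention this rule, then count per event ID.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $LsassRuleId } |
        Group-Object Id |
        Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count
}

"LSASS ASR rule state: $(Get-LsassAsrState)"
Get-LsassAsrEvents -Days 7 | Format-Table -AutoSize
```

Run it from an elevated PowerShell session; a high count of event 1121 or 1122 for this rule is the log volume the article refers to.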