Next-Gen Security: Windows 11 Deprecates NTLM, Adds AI Protections

-

 Source: Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses (thehackernews.com)


Recently, Microsoft announced a security-related uphaul for Windows 11 that included the deprecation of their classic NT LAN Manager (NTLM) protocol in favor of the more secure Kerberos protocol. The expected ETA of this change is set for the second half of 2024, with the vulnerabilities of NTLM being the main driver behind its deprecation by Microsoft. Said vulnerabilities include but are not limited to its lack of support for modern cryptographic algorithms, such as AES and SHA-256, along with its susceptibility to relay attacks. Thus, its replacement by the Kerberos protocol will signify the end of an era to a degree, as NTLM has been a Windows classic ever since the early 2000s. 


However, Microsoft's security-related enhancements for Windows 11 didn't stop at the simple deprecation and replacement of insecure protocols, as it went a step further and introduced several novel AI-powered security enhancements. These included an upgraded Smart App Control, which leverages AI technology to make critical decisions regarding the safety of applications while also proactively blocking those that it suspects to be malicious, insecure, or untrusted. Furthermore, a new Trusted Signing feature assists application developers by simplifying the certificate signing process for their applications, ensuring integrity and nonrepudiation when it comes to their products. 


Further improvements instituted by Microsoft include a mechanism that ensures the default activation of its Local Security Authority (LSA) protection for new consumer devices, along with the use of virtualization-based security (VBS) to enhance Windows Hello technology. Additionally, Win32 app isolation will play a vital role in the security-based segmentation that will be implemented between applications and the operating system to prevent potential damage from compromised apps that target the OS. Windows Protected Print Mode (WPP) is another area in which improvements are being made, as it will now be the default print mode in the newest versions of Windows 11. This will ensure that the printing stack remains secure and that its attack surface is limited in terms of opportunities for exploitation by threat actors. In a bid to strengthen cryptographic defenses, Microsoft will no longer trust TLS server authentication certificates with RSA keys smaller than 2048 to maintain secure connections through more significant key sizes, which are more difficult to compromise. 


This comprehensive roster of updates all falls under Microsoft's broader Secure Future Initiative, which has the stated goals of prioritizing security and holding senior leadership accountable for the achievement, or lack thereof, of cybersecurity goals. Through this approach, the company is envisioning a more secure future for its customers and its operating system, which will be optimized to defend against current and future threats. 


To learn more about the proposed changes, visit The Hacker News

Comments

Post a Comment

Popular posts from this blog

Configuring Secure Cloud Networks with VPN and NAT on AWS: A Personal Project

-
Image
As a passionate and driven cybersecurity enthusiast, I embarked on a side project to enhance my knowledge of cloud security and networking using AWS. This project involved setting up a secure network across two AWS regions using custom VPNs and NAT on EC2 instances. The hands-on experience not only deepened my understanding of AWS but also set me on a path towards better understanding the principles of cloud security as a whole. Objectives and Requirements Objective: Demonstrate configuring a secure network across two AWS regions using custom VPNs and NAT on EC2 instances. Requirements: Select two AWS cloud regions. Create a VPC in each region with distinct CIDR blocks. Configure a public and private subnet in each VPC. Deploy a VPN Gateway VM in the public subnet and a Private VM in the private subnet of each region. Establish a secure tunnel using VPN software between the VPN Gateway VMs. Configure the VPN Gateway VM to provide NAT functionality for the Private VM. Update route table...
Read more

How Misconfigurations Outweigh CVEs in Cybersecurity Risks

-
  Source:  New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs (thehackernews.com) Research conducted by XM Cyber has uncovered that a whopping 80% of security exposures are due to misconfigurations, while a comparatively minuscule 1% are from Common Vulnerabilities and Exposures (CVEs). Their research, which has studied over 40 million exposures, underlines that more efforts should  be directed  toward properly configuring systems to reduce cyber risk.  Focusing solely on  CVEs  results is a flawed security posture, as misconfigured systems can pose a more substantial risk to critical assets than previously understood. They can create more challenging vulnerabilities, especially since they do not appear on typical vulnerability scans that target software versions rather than configurations. Furthermore, with traditional security measures typically  being  CVE-focused, the odds of misconfigurations slipping ...
Read more

30+ Tesla Cars Compromised Due to TeslaLogger Vulnerability

-
Source:  30+ Tesla Cars Hacked Globally Using Third-Party Software (cybersecuritynews.com) Following up on our most recent blog post regarding the threat posed by misconfigurations, a recent incident impacting Tesla places those findings under a brighter spotlight. Due to vulnerabilities caused by misconfigurations in TeslaLogger, a third-party software used for data logging, security researcher Harish SG uncovered that  its insecure default settings could be exploited  to gain unauthorized access. After Harish discovered the issue, it  was reported  to the platform's maintainer, who  is expected  to have taken actions to mitigate or resolve that risk.  It is essential to clarify that the vulnerability and potential remote access associated with it did not reside in Tesla's vehicles or in Tesla's infrastructure but rather stemmed from misconfigurations surrounding the use of default credentials and improper storage of API keys by TeslaLogger. Desp...
Read more