Microsoft Defender antivirus now able to detect ZeroLogon attacks

Microsoft Defender to the rescue


Microsoft has announced that its in-house antivirus tools are now able to detect ZeroLogon exploits. Microsoft Defender for Identity can now detect exploitation attempts early on, allowing security teams to quickly identify where the attacks are coming from and whether or not they have been successful.

The vulnerability, CVE-2020-1472, also known as ZeroLogon, affects Microsoft’s Netlogon Remote Protocol and carries the maximum 10 out of 10 severity score under the Common Vulnerability Scoring System (CVSS). Although Microsoft released the first patch for the bug back in August, another is not due for release until February and, in any case, it can take organizations months to make sure all their devices are patched.

The new Microsoft detections could therefore provide some much-needed protection. By combining the new Microsoft 365 Defender solutions, businesses can detect threat actors while they are in the process of trying to exploit the ZeroLogon vulnerability against their domain controllers.

Detect and defend

With the Microsoft Defender for Identity alerts in place, organizations will be able to detect which device is attempting a ZeroLogon impersonation, the relevant domain controller, the targeted asset, and whether any impersonation attempts were successful.
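The alert contents described above (the device attempting the impersonation, the domain controller it talks to, the targeted account, and whether the attempt succeeded) can be illustrated with a small correlator. The following is an added example written for this page, not Microsoft's detection logic or any Defender for Identity code: it reads constructed Netlogon authentication records in a hypothetical normalised text format, counts failures per (source device, domain controller) inside a sliding window, raises an alert when a burst exceeds a threshold, and marks the alert as succeeded if the same source later authenticates successfully against the same controller. The record format, the host names, the 20-failure threshold and the 30-second window are all assumptions made for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Detection thresholds: assumptions for this example, not Microsoft's values.
FAILURE_THRESHOLD = 20
WINDOW = timedelta(seconds=30)


@dataclass
class NetlogonEvent:
    ts: datetime
    src: str       # device that attempted the Netlogon authentication
    dc: str        # domain controller that handled the request
    target: str    # computer account being authenticated as (the targeted asset)
    success: bool


def parse_event(line: str) -> NetlogonEvent:
    """Parse one constructed record of the (hypothetical) form
    '<ISO8601> NETLOGON_AUTH src=<host> dc=<host> target=<account> result=<SUCCESS|FAILURE>'."""
    ts_text, kind, *fields = line.split()
    if kind != "NETLOGON_AUTH":
        raise ValueError(f"unexpected record type: {kind}")
    kv = dict(field.split("=", 1) for field in fields)
    return NetlogonEvent(
        ts=datetime.fromisoformat(ts_text.replace("Z", "+00:00")),
        src=kv["src"],
        dc=kv["dc"],
        target=kv["target"],
        success=kv["result"] == "SUCCESS",
    )


@dataclass
class Alert:
    src: str
    dc: str
    target: str
    failures_in_window: int
    succeeded: bool


def detect_zerologon(lines, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Correlate Netlogon authentication records per (source device, DC).

    A burst of at least `threshold` failures inside `window` raises one alert
    for that pair; a later success from the same source against the same DC
    upgrades the alert to 'succeeded'. Records only need to be ordered per pair."""
    recent_failures = defaultdict(deque)   # (src, dc) -> timestamps of recent failures
    alerts = {}                            # (src, dc) -> Alert
    for line in lines:
        ev = parse_event(line)
        key = (ev.src, ev.dc)
        window_failures = recent_failures[key]
        # Drop failures that have aged out of the sliding window.
        while window_failures and ev.ts - window_failures[0] > window:
            window_failures.popleft()
        if not ev.success:
            window_failures.append(ev.ts)
            if len(window_failures) >= threshold and key not in alerts:
                alerts[key] = Alert(ev.src, ev.dc, ev.target, len(window_failures), False)
        elif key in alerts:
            alerts[key].succeeded = True
    return list(alerts.values())


def _record(ms_offset, src, dc, target, result):
    """Build one constructed record at a fixed base time plus an offset in milliseconds."""
    base = datetime(2020, 10, 30, 10, 0, 0, tzinfo=timezone.utc)
    ts = base + timedelta(milliseconds=ms_offset)
    return f"{ts.isoformat().replace('+00:00', 'Z')} NETLOGON_AUTH src={src} dc={dc} target={target} result={result}"


# Constructed sample data: a suspect workstation hammering DC01's own account,
# then succeeding, alongside a workstation that fails once and then logs in normally.
SUSPECT_LINES = [_record(i * 200, "WS-SUSPECT", "DC01", "DC01$", "FAILURE") for i in range(25)]
SUSPECT_LINES.append(_record(5500, "WS-SUSPECT", "DC01", "DC01$", "SUCCESS"))
BENIGN_LINES = [
    _record(3000, "WS-FINANCE", "DC01", "WS-FINANCE$", "FAILURE"),
    _record(4000, "WS-FINANCE", "DC01", "WS-FINANCE$", "SUCCESS"),
]
SAMPLE_LINES = sorted(SUSPECT_LINES + BENIGN_LINES)


if __name__ == "__main__":
    for alert in detect_zerologon(SAMPLE_LINES):
        state = "SUCCEEDED" if alert.succeeded else "attempted"
        print(f"ZeroLogon-style burst {state}: {alert.src} -> {alert.dc} "
              f"(target {alert.target}, {alert.failures_in_window} failures in window)")
```

Run against the constructed sample, only the WS-SUSPECT to DC01 pair produces an alert, and it is marked succeeded because a success follows the burst; the single WS-FINANCE failure never reaches the threshold. The burst-then-success heuristic is the example's own assumption about what an impersonation attempt looks like in authentication telemetry, and a real deployment would tune the threshold and window against the normal failure rate of its own domain controllers.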

“Customers using Microsoft 365 Defender can take full advantage of the power of the signals and alerts from Microsoft Defender for Identity, combined with behavioral events and detections from Microsoft Defender for Endpoint,” Microsoft program manager Daniel Naim explained. “This coordinated protection enables you not just to observe Netlogon exploitation attempts over network protocols, but also to see device process and file activity associated with the exploitation.”

In late October, Microsoft warned that the ZeroLogon vulnerability was still being exploited in the wild, with attackers targeting unpatched devices. The firm’s new security solutions should provide greater protection even for those companies that have yet to install the necessary patches.

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.