Sign in Subscribe
By Jonathan Care, Juliet Edgar in Privileged Access Management

Microsoft's PAM and Patches, Intel and AMD's advisories, and Ivanti's vulnerability. Welcome to a new week. It's CISO Intelligence for Monday 25th November 2024!

Microsoft's PAM and Patches, Intel and AMD's advisories, and Ivanti's vulnerability. Welcome to a new week. It's CISO intelligence for Monday 25th November 2024!

A baby monkey clinging to its parent.
Photo by Pon Esakki Sundar / Unsplash

Table of Contents

  1. Microsoft Details Rock-Solid Windows 11 Admin Protection
  2. A Patchwork of Vulnerabilities: Microsoft's November Fix-Fest
  3. Intel and AMD Have Room Full of Advisories
  4. Ivanti's Vulnerable Side of Happiness: 50 Flaws Patched
  5. Air National Guardsman Takes Leaker of the Year Award in Unwanted Fashion

Microsoft Details Rock-Solid Windows 11 Admin Protection

Board Briefing

Microsoft has unveiled new security features aimed at bolstering administrative protection in Windows 11. Given the heightened risk of cyber threats targeting administrative accounts, these enhancements are pivotal. The board is expected to prioritize discussions on implementing these updates and allocating the necessary resources to reinforce the security posture. Immediate attention is required to assess and deploy strategies that protect administrative endpoints against potential breaches.

CISO's challenge to the team

  1. Identify current administrative vulnerabilities within our Windows 11 systems and prioritize their mitigation.
  2. Develop a deployment plan for integrating Microsoft's new security features into our existing infrastructure.
  3. Monitor and evaluate the effectiveness of these new measures, ensuring they align with our overall cybersecurity strategy.

Supplier Questions

  1. How will the new Windows 11 administrative protection features impact our third-party security tools?
  2. What are the compatibility considerations for integrating these features with our current tech ecosystem?

CISO focus: System Security and Access Management
Sentiment: Positive
Time to Impact: Immediate

New era, who dis? Microsoft once again tinkers with the windows while hackers try to jimmy the door.

Microsoft Upgrades Windows 11 Administrative Protection

Microsoft has turned its attention to fortifying administrative protection in Windows 11, offering a fresh set of security enhancements designed to combat increasingly sophisticated cyber threats. These updates arrive at a time when system administrators face mounting challenges in protecting organizational data from unauthorized access and malicious activities.

Spotlight on Admin Security

Administrative accounts are often the prime target for cybercriminals seeking unrestricted access to critical systems and sensitive data. Recognizing this, Microsoft has strengthened its security offerings for Windows 11, providing administrators with new tools and features to safeguard these high-value targets.

Highlights of the Windows 11 admin protection update include:

  1. Enhanced Credential Guard: Microsoft has bolstered its Credential Guard technology, which utilizes virtualization-based security to isolate secret data, ensuring that credentials remain protected from theft and replay attacks.

  2. Updated Local Security Authority (LSA) Protection: These updates make it significantly more challenging for malware to obtain elevated privileges by targeting the LSA process. This advancement is crucial in keeping administrative credentials secure and far from the reach of attackers.

  3. Tamper Protection: By default, Tamper Protection will now shield security settings from unauthorized changes, providing administrators confidence against inadvertent or malicious alterations.

  4. Improved Event Logging: Enhanced logging capabilities allow for more granular monitoring of administrative activities, aiding in the detection and response to suspicious events swiftly and efficiently.

Why the Focus on Admin Accounts?

In the past, cyber incidents have shown how hackers exploit weak administrative controls to orchestrate comprehensive attacks, often leading to severe data breaches and operational disruptions. Microsoft’s focus on fortifying administrative accounts is a direct response to these threats and aims to provide a more robust defense against emerging cyber challenges.

This strategic enhancement aligns with broader industry trends that prioritize zero trust and multi-factor authentication strategies. By compartmentalizing and safeguarding admin credentials, businesses can better prevent unauthorized access, even in the event of a perimeter breach.

Moving Beyond Just Technology

Microsoft's latest update underscores the ever-evolving nature of cybersecurity threats and the continuous need for organizations to stay a step ahead. However, technology alone isn’t the silver bullet; the human element, including training and awareness, is equally crucial.

Organizations are encouraged to:

  • Conduct Regular Security Training: Ensure that administrators and other stakeholders are well-versed in the latest security practices and understand how to leverage new tools effectively.

  • Implement Strict Least Privilege Policies: Limit administrative access to only those who absolutely require it, thus minimizing potential attack surfaces.

  • Adopt Comprehensive Incident Response Plans: Prepare to react nimbly to potential threats with well-documented and practiced incident response strategies.

Tech Giants in Arms Race

Microsoft isn't alone in its quest to tighten security—tech rivals and allies, such as Google and Amazon, constantly innovate their cybersecurity measures. This perpetual arms race underscores the vital importance for organizations to remain vigilant and proactive in their cybersecurity approach.

SMEs and Large Enterprises: Adapt or Risk Falling Behind

While large enterprises are often equipped with the resources to rapidly deploy these updates, smaller businesses might grapple with implementation due to budgetary or resourcing constraints. However, failing to adapt quickly could render them vulnerable to attacks, emphasizing the importance of cross-industry collaboration, reskilling, and possibly seeking external cybersecurity expertise.

In Tidier Windows

Microsoft's latest moves towards a more secure administrative environment herald a significant step forward in the fight against cyber threats. By offering enhanced controls and protection within Windows 11, Microsoft seeks to create an ecosystem where vulnerabilities are harder to exploit, and security breaches are less likely to occur. For the security-conscious organizations, this is a move welcomed with open arms, promising not just protection but peace of mind.

Previous

Sunday Fun Read! Space Giants Under Siege: When Cyber Villains Attack the Cosmos

 Next

Ford's Data Breaches, 2023 whack-a-mole, BrazenBamboo's VPN exploits, 2025 crimeware, and PHP (Again). Despite everything, it's CISO Intelligence for Tuesday 26th October 2024

You might also like...

We're Walking in the Cloud, The Phish in Your Email, Circling the Cyber Wagons, MS Fixing Its 'Oops', and the Russian Pimpernel - It's All in CISO Intelligence for Wednesday 11th December 2024!
Vulnerability Management

We're Walking in the Cloud, The Phish in Your Email, Circling the Cyber Wagons, MS Fixing Its 'Oops', and the Russian Pimpernel - It's All in CISO Intelligence for Wednesday 11th December 2024!

Today we look at securing the growing cloud workspace, avoiding being prey in the phishing pool, keeping the Pen Test game plans up to date, Microsoft messing up and making a swift recovery, and blocking the elusive Russian cyber thief. CISO Intelligence deep dives on Wednesday 11th December 2024!
Read More
Jonathan Care
The Human Touch, Google Play Distributing SpyWare, The American 'Sleeper,' Looking for Human Weak Spots, and What Will Tomorrow Look Like: We all need CISO Intelligence for Tuesday 10th December 2024!
Privacy

The Human Touch, Google Play Distributing SpyWare, The American 'Sleeper,' Looking for Human Weak Spots, and What Will Tomorrow Look Like: We all need CISO Intelligence for Tuesday 10th December 2024!

We look at Phools with Foolproof Plans, how borrowing can easily become a breach, and the unwanted surprises behind warranted spyware. In addition we explore Human Hacking (with a side of hustle), protecting tomorrow's world, and how airport security can be bypassed with an old favourite.
Read More
Jonathan Care
What's in CISO Intelligence for Monday 9th December? Windows Patch Dependency, The Perils of Digital Transformation, A Lack of Bridges, Password Policies, and Gambling with Email Security - Buckle Up!
Vulnerability Management

What's in CISO Intelligence for Monday 9th December? Windows Patch Dependency, The Perils of Digital Transformation, A Lack of Bridges, Password Policies, and Gambling with Email Security - Buckle Up!

Today, we are Dances with Patchables. looking under the Cyber Hood, and discovering we have Tunnel Vision. Meanwhile, Passwords Attack (you knew they would), we jive with the Cybersecurity Boogeyman, and Iran limbo dances under the bar between espionage and warfare.
Read More
Jonathan Care
Mimicry is Not Always Flattery, UK Hospitals Bleeding Out, Phishing - Let Us Count the Ways, Does No Server Mean No Security, and AI Fakery Sight Big Business: We got many rivers to cross in CISO Intelligence for Friday 6th December 2024!
Incident Response

Mimicry is Not Always Flattery, UK Hospitals Bleeding Out, Phishing - Let Us Count the Ways, Does No Server Mean No Security, and AI Fakery Sight Big Business: We got many rivers to cross in CISO Intelligence for Friday 6th December 2024!

In today's edition, we take a look at a nasty little ransomware called Mimic, place our stethoscope to the chest of the UK health system, and unleash our ID in an invite to cyber mayhem! We also take a look at serverless security, and how fake news campaigns are targeting the corporate workplace.
Read More
Jonathan Care