Dec 9, 2021

Microsoft: Secured-core servers help prevent ransomware attacks

Microsoft says the first Secured-core certified Windows Server and Microsoft Azure Stack HCI devices are now available to protect customers’ networks from security threats, including ransomware attacks.
Secured-core devices are marketed as a solution to the increasing number of firmware vulnerabilities attackers can exploit to bypass a Windows machine’s Secure Boot and to the lack of visibility at the firmware level in today’s endpoint security solutions.
All Secured-core devices have come with built-in protection against threats that abuse firmware and driver security flaws since October 2019. They can help defend against malware designed to take advantage of driver security flaws to disable security solutions.
The newly certified Secured-core servers use Secure Boot and the Trusted Platform Module 2.0 to ensure that only trusted components will be able to load on boot.
They also leverage Dynamic Root of Trust Measurement (DRTM) to launch the operating system into a trusted state, blocking malware attempts to tamper with the system.
Secured-core servers also use Hypervisor-Protected Code Integrity (HVCI) to block all executables and drivers (such as Mimikatz) not signed by known and approved authorities from launching.
“Additionally, since Virtualization-based security (VBS) is enabled out of the box, IT administrators can easily enable features, such as Credential Guard, which safeguard the credentials in an isolated environment that is invisible to attackers,” Microsoft said.
By blocking credential theft attempts, Secured-core servers can help make it much harder for threat actors (including ransomware gangs such as REvil) to move laterally through the network, thus stopping their attacks before they can gain persistence and deploy their payloads.
For instance, Secured-core servers would have stopped RobbinHood Ransomware operators from exploiting a vulnerable GIGABYTE driver to elevate privileges and install malicious unsigned Windows drivers.
This made it possible to terminate antivirus and security software processes on compromised systems to bypass anti-ransomware defenses and deploy their payloads across the victim’s network.
Dozens of models with Secured-core server functionality are now available in the Azure Stack HCI catalog and the Windows Server Catalog lists.
You can manage the servers’ configuration and status together with all Windows clients on the network through the locally deployed and browser-based Windows Admin Center app.
“The Windows Admin Center UI allows you to easily configure the six features that encompass Secured-core server: Hypervisor Enforced Code Integrity, Boot Direct Memory Access (DMA) Protection, System Guard, Secure Boot, Virtualization-based security, and Trusted Platform Module 2.0,” Microsoft added.
Redmond first announced that Windows Server 2022 would expand Secured-core to the Windows Server platform when the new release entered preview in March.
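
To confirm from the command line that the six features named above are actually active on a given server, an administrator can query the Device Guard and TPM WMI classes. The script below is an added example, not code from Microsoft or from this article; the function name Get-SecuredCoreStatus is hypothetical, and it assumes an elevated PowerShell session on the server being checked.

```powershell
# Added example: audit the six Secured-core server features on the local host.
# Run from an elevated PowerShell session (Confirm-SecureBootUEFI and the TPM
# class both require administrator rights).

function Get-SecuredCoreStatus {
    # Win32_DeviceGuard reports VBS state and which VBS-backed services run.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "off".
    $secureBoot = try { [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
                  catch { $false }

    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.59"; the first field is the
    # TPM family. No instance is returned when no TPM is present.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpm20 = [bool]($tpm -and $tpm.SpecVersion -and
                    (($tpm.SpecVersion -split ',')[0].Trim() -eq '2.0'))

    [ordered]@{
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
        'Virtualization-based security' = $dg.VirtualizationBasedSecurityStatus -eq 2
        # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI, 3 = Secure Launch
        'HVCI'                          = $dg.SecurityServicesRunning -contains 2
        'System Guard (Secure Launch)'  = $dg.SecurityServicesRunning -contains 3
        # AvailableSecurityProperties: 3 = DMA protection available on platform
        'Boot DMA Protection available' = $dg.AvailableSecurityProperties -contains 3
        'Secure Boot'                   = $secureBoot
        'TPM 2.0'                       = $tpm20
        # Not one of the six, but it depends on VBS and is what protects credentials.
        'Credential Guard (optional)'   = $dg.SecurityServicesRunning -contains 1
    }
}

$status = Get-SecuredCoreStatus
$status.GetEnumerator() | ForEach-Object {
    '{0,-32} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'NOT ACTIVE' })
}

# Flag hosts where any of the six required features is missing.
$missing = $status.GetEnumerator() |
    Where-Object { -not $_.Value -and $_.Key -notlike '*optional*' }
if ($missing) { Write-Warning ("Missing: " + ($missing.Key -join ', ')) }
```

A feature reported as configured in firmware or policy but absent from SecurityServicesRunning is not protecting the host, so the check reads the running state rather than the configured state.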
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved