68890 – Azure Advanced Threat Protection: Microsoft Defender for Identity – Detection improvement – Netlogon

cloudscout.one Icon

check before: 2021-02-28

Product:

Azure Advanced Threat Protection, Defender

Scope:

Please log-in or
get a plan

Platform:

World tenant, Online

Links:

Details:

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol, also known as Netlogon Elevation of Privilege Vulnerability. Defender for Identity already has a detection for this, but this improvement adds capabilities to determine potential encryption and null source account logic detection to the alert, improving accuracy and potential for false positives.

Change Category:
Please log-in or
get a plan

Status:
In development

Ring:
General Availability

Created:
2020-11-24

updated:
2020-12-04

Change type:
New feature, Admin impact

task type:

an advanced plan is required to see all details


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose for a plan.


more to explore