Security News for November 2017
Windows offers a potent solution against tech support scams in the form of the Windows Defender SmartScreen. This blocks tech support scams and malicious websites, along with phishing sites as well as those hosting malicious downloads.
Early in November, a vulnerability dubbed as #AVGater was discovered to be affecting certain antivirus products. It uses a relatively old attack vector that works to restore previously quarantined files using a non-administrator level account. Fortunately, Windows Defender Antivirus is not among the antivirus products affected by the vulnerability. Windows Defender has built-in protections against many known user-account-permissions vulnerabilities.
Recent security attacks leave little forensic evidence, if at all, making them more discreet and persistent. Attackers would typically use methods allowing exploits to remain resident within a vulnerable or already exploited process or migrate to some long-lived process without creating a trail (such as a file on disk). These techniques range from basic cross-process migration to more advanced methods like process hollowing and atom bombing, which help them avoid detection. Windows 10 continuously strengthens its defense capabilities so users can have full protection against the wide range of modern and ever more sophisticated attacks. Windows Defender, for instance, can detect exploitative activities like reflective DLL loading, which helps security operations personnel to quickly identify and in turn respond to attacks within their networks.
The latest Windows Patch Tuesday include updates and fixes for a total of 53 security bugs in an entire range of applications, including Windows OS, various Office offerings, Microsoft Edge, Internet Explorer,.NET Core, ASP.NET Core, as well as the browser engine Chakra Core, among many others.