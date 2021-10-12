Microsoft to add protection against Bronze Bit attacks in security system
Microsoft has revealed that it is working on adding protection to Bronze Bit attacks in Defender for Identity, the security system for corporate customers of its cloud computing platforms — Bronze Bit can allow attackers bypass authentication and access confidential network services. The idea is to facilitate the work of security teams in detecting attempts related to the attack, mitigated in February this year, but which still appears as a constant threat to organizations.
Discovery last year , the breach opened by the so-called CVE-2020-2021 allows attackers to scale the system permissions of a system, circumventing delegation protections and allowing lateral movement across networks, and the use of tickets that allow an intruder to impersonate a certified user. The opening was initially mitigated in December 2020, receiving mandatory application of the patch related to it in February 83.
According to Microsoft, alerts will be issued to system administrators where there is evidence that the Bronze Bit method is being used to delegate privileges from the Kerberos system , used for this purpose. The disclosure is mainly due to the fact that proofs of concept involving exploration are available, which means that infrastructures that have not yet been updated remain vulnerable to this category’s scams.
The addition joins other recent updates to Microsoft Defender for Identity, which include alerts related to the PrintNightmare breach as well, which reaches remote printing systems. It has also been mitigated, with the placement of support for alerts aimed at openness being focused on users not yet updated or on systems where this is not possible, requiring the attention of security experts or network administrators.
As in the case of other protections, the alert system aimed at Bronze Bit attacks will be available in all signatures of the security platform, being also present in test versions of the system. The forecast is that the novelty will start working in December of this year.
Source: Microsoft, Bleeping Computer
