Microsoft Defender, the native Windows antivirus, now includes a feature, enabled by default, that blocks attempts to steal credentials saved on the system through the operating system's local security subsystem.
The American company has extended the protection measures enabled by default in the Windows operating system and in Windows Server with a new security standard that seeks to reduce the attack surface exposed to cyberattacks, as reported by Microsoft in a document from the medium.
The most notable addition is a feature known as “Block Windows Local Security Authority Subsystem (LSASS) credential theft,” which adds protection to the Windows Defender password element.

LSASS authenticates users accessing a Windows device, including numerous keys, and is protected by Windows Defender’s Credential Guard feature.
However, some organizations cannot enable this protection on their devices due to compatibility issues. In these cases, hackers can use tools to access plaintext credentials and NTLM hash keys for other passwords.
With the new protocol, the Windows security subsystem’s credential theft blocker becomes the default setting, with the ‘block’ option selected by default, reducing the need for end-user notifications.
Company administrators will be able to change this setting manually if they wish and will have three modes to choose from: audit, warning or disabled.
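To confirm which of these modes a given machine is in, an administrator can read the Defender preferences. The PowerShell below is an added example, not code from Microsoft or from the original article; the function name `Get-LsassAsrRuleState` is hypothetical, and the rule GUID and numeric action values do not appear on this page and are assumed from Microsoft's attack surface reduction rule reference.

```powershell
# Added example. GUID of the attack surface reduction rule that blocks
# credential stealing from lsass.exe (assumption: taken from Microsoft's
# ASR rule reference, not from the article).
$LsassRuleId = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'

# Numeric action values stored by Defender for each configured rule.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-LsassAsrRuleState {
    param(
        # Any object exposing AttackSurfaceReductionRules_Ids and
        # AttackSurfaceReductionRules_Actions. Defaults to this machine's
        # live Defender configuration.
        $Preference = (Get-MpPreference)
    )
    $ids     = @($Preference.AttackSurfaceReductionRules_Ids)
    $actions = @($Preference.AttackSurfaceReductionRules_Actions)

    # The two arrays are parallel: actions[i] is the mode of ids[i].
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $LsassRuleId) {
            $code = [int]$actions[$i]
            $mode = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] }
                    else { "Unknown($code)" }
            return [pscustomobject]@{ RuleId = $LsassRuleId; Configured = $true; Mode = $mode }
        }
    }
    # Rule absent from the list: no explicit setting was pushed to this
    # machine, so whatever default the platform ships with applies.
    [pscustomobject]@{ RuleId = $LsassRuleId; Configured = $false; Mode = 'NotConfigured' }
}

# Constructed sample (not real telemetry): a host where the rule was
# switched to audit mode, with the GUID stored in upper case.
$sample = [pscustomobject]@{
    AttackSurfaceReductionRules_Ids     = @('9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2')
    AttackSurfaceReductionRules_Actions = @(2)
}
Get-LsassAsrRuleState -Preference $sample

# Query the local machine only where the Defender module is present.
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    Get-LsassAsrRuleState
}
```

A host that reports `Audit`, `Warn` or `Disabled` has been moved off the blocking mode and is worth reviewing against the compatibility exception that justified the change.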


