Russian hackers made millions by stealing SEC earning reports
Threat actors steal $80 million per month with fake giveaways, surveys
Log4j vulnerability now used to install Dridex banking malware
US returns $154 Million in bitcoins stolen by Sony employee
PYSA ransomware behind most double extortion attacks in November
New Dell BIOS updates cause laptops and desktops not to boot
2easy now a significant dark web marketplace for stolen data
800K WordPress sites still impacted by critical SEO plugin flaw
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Windows 10 21H2 adds ransomware protection to security baseline
Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2, available today from the Microsoft Security Compliance Toolkit.
“This Windows 10 feature update brings very few new policy settings,” Microsoft security consultant Rick Munck said.
“One setting has been added for this release for printer driver installation restrictions (which was also added to the Windows 11 release). Additionally, all Microsoft Edge Legacy settings have been removed,”
However, the highlight of the new Windows 10 security baseline is the addition of tamper protection as a setting to enable by default (this was also made a default setting in the Windows 11 security baseline two months ago).
When toggling on the Microsoft Security Baseline for Windows 10 21H2, Redmond urges admins to toggle on Defender for Endpoint’s tamper protection feature to protect against human-operated ransomware attacks.
This feature does that by blocking attempts by ransomware operators or malware to disable OS security features and security solutions to gain easier access to sensitive data and deploy further malware or malicious tools.
Tamper protection automatically locks Microsoft Defender Antivirus using the default secure values, thwarting attempts to change them using the registry, PowerShell cmdlets, or group policies.
After enabling it, ransomware operators would have a considerably more challenging task when trying to:
With the new Windows 10 21H2 security baseline, Redmond removed all Microsoft Edge Legacy settings after its EdgeHTML-based web browser reached end of support in March.
“Going forward, please use the new Microsoft Edge (Chromium-based) baseline, which is on a separate release cadence and available as part of the Microsoft Security Compliance Toolkit,” Munck added.
Microsoft also added a new setting to the MS Security Guide custom administrative template designed to restrict printer driver installation to users with Administrator privileges.
The new recommendation follows security updates released starting with July 2021 to address the CVE-2021-34527 PrintNightmare remote code execution flaw impacting the Windows Print Spooler service.
Windows security baselines provide Microsoft-recommended security configurations which reduce Windows systems’ attack surface and increase the overall security posture of enterprise endpoints.
“A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact,” as Microsoft explains. “These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.”
The Windows 10 21H2 security baseline is now available for download via the Microsoft Security Compliance Toolkit, and it includes Group Policy Object (GPO) backups and reports, the scripts needed to apply settings to the local GPO, as well as Policy Analyzer rules.
“Please download the content from the Microsoft Security Compliance Toolkit, test the recommended configurations, and customize / implement as appropriate,” Munck added.
More info on the changes that the new Windows 10 21H2 security baseline comes with is available in this Microsoft Security Baselines blog post.
How to download a Windows 10 21H2 ISO from Microsoft
Windows 10 21H2 is released, here are the new features
Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws
Microsoft fixes Windows AppX Installer zero-day used by Emotet
Microsoft: Secured-core servers help prevent ransomware attacks
Not a member yet? Register Now
Microsoft warns of easy Windows domain takeover via Active Directory bugs
Log4j vulnerability now used to install Dridex banking malware
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Customize the Windows 11 experience with these free apps

Hackers exploit Microsoft MSHTML bug to steal Google, Instagram credsApple sues spyware-maker…

New zero-day exploit for Log4j Java library is an enterprise nightmare

New zero-day exploit for Log4j Java library is an enterprise nightmareALPHV BlackCat…

Surveillance firm pays $1 million fine after 'spy van' scandal

AMD fixes dozens of Windows 10 graphics driver security bugsVoid Balaur hackers-for-hire…

Microsoft increases Windows 11 rollout pace to Windows 10 devices

US indicts Iranian hackers for Proud Boys voter intimidation emailsWinamp prepares a…