Azure Sentinel News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
Azure Sentinel News
No Result
View All Result
Home Uncategorized

Microsoft Proposes Azure Sentinel Solution for Finding Vulnerable Netlogon Clients

Azure Sentinel News Editor by Azure Sentinel News Editor
November 13, 2020
in Uncategorized
0
Microsoft Proposes Azure Sentinel Solution for Finding Vulnerable Netlogon Clients
1.4kViews

Microsoft engineers outlined a way to find vulnerable Netlogon channel connections for organizations using newer Windows Server systems.

These connections will get blocked in February if Netlogon clients aren’t upgraded beforehand. The details are described in a Thursday announcement by Jon Shectman, a Microsoft Premier field engineer specializing in security issues and fellow security Premier Field Engineer Brian Delaney. This Netlogon security issue affects organizations running Windows Server 2019 or Windows Server 2016.

Microsoft’s solution for finding vulnerable Netlogon connections depends on using Azure Sentinel, which is Microsoft’s cloud-based security information event management (SIEM) solution. Azure Sentinel pricing has a pay-for-use model, based on the capacity processed per day, although there’s a free trial, per Microsoft’s pricing page.

Netlogon is used for “user and machine authentication on domain-based networks,” per Microsoft’s definition, but it has a security vulnerability associated with Windows Server 2019 or Windows Server 2016 systems that was described earlier this month during “update Tuesday,” which is Microsoft monthly security patch release event.

On Aug. 11 (update Tuesday), Microsoft kicked off a two-phase patch process for Netlogon in those servers to address a “Critical”-rated elevation-of-privilege vulnerability (CVE-2020-1472). Microsoft’s Aug. 11 patch provided initial protection, but Microsoft plans to deliver another patch in February that will activate a “secure Remote ProtoCol (RPC).”

Organizations running Windows Server 2019 or Windows Server 2016 will need to have updated their Netlogon clients before that time to avoid an issue where devices will get denied access. It turns out that the patch activating secure RPC will arrive on Feb. 9, 2021 (update Tuesday for that month), which is billed as the “enforcement” date by Microsoft.

Microsoft’s solution to finding Netlogon clients that need updating before the Feb. 9, 2021 enforcement date is to use the Insecure Protocols Workbook in Azure Sentinel, as outlined in the announcement.

“Once you know where to look, you’ll need to upgrade all Netlogon clients,” Microsoft’s announcement indicated, without explaining how to do the upgrading. It’s still possible to get thrown by insecure connections with “Realm trusts,” though, which “may require more planning to remediate,” the announcement added.

Possibly, Microsoft will ease the detection process somewhat when using the Insecure Protocols Workbook by updating it with the associated Netlogon event IDs. At least, that idea was thought to be a good one by Shectman in this Twitter exchange.

Reference: https://redmondmag.com/articles/2020/08/28/azure-sentinel-solution-for-netlogon.aspx

Azure Sentinel News Editor

Azure Sentinel News Editor

Related Posts

Microsoft suspends 18 Azure accounts tied to China-based hackers
SIEM

How to export data from Splunk to Azure Sentinel

December 18, 2020
What’s new: Microsoft Teams connector in Public Preview
SOC

What’s new: SOC operational metrics now available in Azure Sentinel

November 27, 2020
Microsoft Reorg Leads to Significant Changes for Windows and Azure
Security and Compliance

Microsoft Reorg Leads to Significant Changes for Windows and Azure

November 25, 2020
Next Post
KPMG Announces New Security Offering For Microsoft Azure Sentinel

KPMG Announces New Security Offering For Microsoft Azure Sentinel

Microsoft: Azure-based Sentinel security gets new analytics to spot threats in odd behavior

Microsoft: Azure-based Sentinel security gets new analytics to spot threats in odd behavior

Mimecast® Email Security for Azure Sentinel is now available in the Microsoft Azure Marketplace

Mimecast® Email Security for Azure Sentinel is now available in the Microsoft Azure Marketplace

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow Us

  • 21.8M Fans
  • 81 Followers

Recommended

Microsoft is quietly becoming a cybersecurity powerhouse

What is the app@sharepoint Account in my Azure Sentinel Data?

2 months ago
Azure Sentinel All-In-One Accelerator

Azure Sentinel All-In-One Accelerator

4 months ago
Insight Recognized as a Microsoft Security 20/20 Partner Award Winner for Azure Security Deployment Partner of the Year

Remediate Vulnerable Secure Channel Connections with the Insecure Protocols Workbook

3 months ago
Microsoft announces Azure Sentinel SIEM general availability

Microsoft announces Azure Sentinel SIEM general availability

4 months ago

Instagram

    Please install/update and activate JNews Instagram plugin.

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

Topics

anomaly automation Azure Azure DevOps Azure Security Center Azure Sentinel Azure Sentinel API Azure Sentinel Connector BlueVoyant Call cybersecurity Detection file GitHub Hunting Huntingy IAC incident response Incident Triage infrastructure as code Investigation jupyter LAQueryLogs MDR Microsoft microsoft 365 mssp Multitenancy Notebooks Pester Playbooks PowerShell python Records Security Sentinel Sharing SIEM signin Supply Chain teams Threat hunting Watchlists Workbooks XDR
No Result
View All Result

Highlights

New Items of Note on the Azure Sentinel GitHub Repo

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

New Search Capability for Azure Sentinel Incidents

Follow-up: Microsoft Tech Talks Practical Sentinel : A Day in the Life of a Sentinel Analyst

Changes in How Running Hunting Queries Works in Azure Sentinel

Azure Sentinel can now Analyze All Available Azure Active Directory Log Files

Trending

What’s new: Microsoft Teams connector in Public Preview
IR

How to Generate Azure Sentinel Incidents for Testing

by Azure Sentinel News Editor
February 26, 2021
0

Do you want to generate an Incident in Azure Sentinel for testing/demoing? Here’s a couple easy ways...

What’s new: Microsoft Teams connector in Public Preview

Azure Sentinel Notebooks Loses It’s Preview Tag

February 25, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting

February 22, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

New Items of Note on the Azure Sentinel GitHub Repo

February 18, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

February 17, 2021

We bring you the best, latest and perfect Azure Sentinel News, Magazine, Personal Blogs, etc. Visit our landing page to see all features & demos.
LEARN MORE »

Recent News

  • How to Generate Azure Sentinel Incidents for Testing February 26, 2021
  • Azure Sentinel Notebooks Loses It’s Preview Tag February 25, 2021
  • The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting February 22, 2021

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

[mc4wp_form]

Copyright © 2020 - Azure Sentinel News

No Result
View All Result
  • Home
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence

Copyright © 2020 Azure Sentinel News