Microsoft confirmed on Monday its plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, announcing a series of new security measures to strengthen the widely used desktop operating system.
Windows 11 and the new protocols coming soon
“Removing NTLM has been an important request from our security community as it will strengthen user authentication, and removal [of the NTLM protocol on Windows 11] is scheduled for the second half of 2024”, the tech giant said.
The Windows maker first announced its decision to abandon NTLM in favor of Kerberos for authentication in October 2023.
Beyond NTLM’s lack of support for cryptographic methods like AES or SHA-256, the protocol is also susceptible to relay attacks, a technique widely exploited by the hacker group known as APT28, linked to Russia, via a zero-day vulnerability in Microsoft Outlook.
More Windows 11 changes coming soon
Other changes coming to Windows 11 include enabling Local Security Authority (LSA) protection by default for new consumer devices and the use of virtualization-based security (VBS) to protect Windows Hello technology.
Smart App Control, which protects users from running untrusted or unsigned applications, has also been updated with an artificial intelligence (AI) model to determine the safety of apps and block those that are unknown or contain malware.
Complementing Smart App Control is a new end-to-end solution called Trusted Signing, which allows developers to sign their apps and simplifies the entire certificate signing process.
Other notable security improvements include the following:
- Win32 app isolation, designed to contain damage if an application is compromised by creating a security boundary between the application and the operating system
- Restricting abuse of administrator privileges by requiring explicit user approval
- VBS environments for third-party developers to create secure execution environments
Microsoft also stated that it will make Windows Protected Print Mode (WPP), revealed in December 2023 as a way to counter the risks posed by the privileged Spooler process and protect the print stack, the default print mode on Windows 11 in the future.
The idea is to run Print Spooler as a limited service and dramatically reduce its appeal as an avenue for cybercriminals to get elevated permissions on a compromised Windows 11 system.
Redmond also said it will no longer trust TLS (Transport Layer Security) server authentication certificates with RSA keys smaller than 2048 bits due to “advances in computing power and cryptanalysis.”
Rounding out the list of security features is Zero Trust Domain Name System (ZTDNS), which aims to help business customers lock down Windows 11 within their networks by natively limiting Windows devices to connect only to approved network destinations by domain name.
These improvements also follow criticism of Microsoft’s security practices that allowed state actors from China and Russia to breach its Exchange Online environment, with a recent report from the US Cyber Safety Review Board (CSRB) noting that the company’s security culture requires an overhaul.
In response, Microsoft has outlined radical changes to prioritize security above all else as part of its Secure Future Initiative (SFI) and hold senior leadership directly accountable for achieving cybersecurity objectives.
Google, for its part, said the CSRB report “highlights an urgent and long overdue need to adopt a new approach to security”, urging governments to procure systems and products that are safe by design, to enforce safety recertifications for products that experience major safety incidents, and to be aware of the risks posed by monoculture.
“Using the same vendor for operating systems, email, office software, and security tools […] the risk that a single breach compromises an entire ecosystem increases”, the company said.
“Governments should adopt a multi-vendor strategy and develop and promote open standards to ensure interoperability, making it easier for organizations to replace insecure products with ones that are more resilient to attacks.”