Microsoft Defender for Endpoint has been updated to isolate unmanaged Windows devices within organizations' networks that have been impacted, or are suspected to have been affected, by cyberattacks, BleepingComputer reports.
Microsoft noted that Defender for Endpoint will prevent communications to and from devices that have been flagged as contained in an effort to curb lateral movement by threat actors.
"This action can help prevent neighboring devices from becoming compromised while the security operations analyst locates, identifies, and remediates the threat on the compromised device," added Microsoft. System administrators looking to determine whether their devices are compromised can check the 'Device Inventory' page in the Microsoft 365 Defender portal, then select the 'Contain device' option and confirm at the 'Confirm' prompt, with communication blocking taking effect five minutes after the device is contained.
Isolated devices can be removed from containment by selecting an option within 'Device Inventory'. However, the device containment feature can only be used on devices running Windows 10 or Windows Server 2019 and later, according to Microsoft.