Easily detect CVE-2024-21427 with Microsoft Defender for Identity
CVE-2024-21427, a Windows Kerberos Security Feature Bypass vulnerability, was recently fixed to prevent the potential bypass of authentication policies configured in Active Directory. To ensure these protections are in place, deploy the latest security updates, including the most recent patch, to servers and devices. The Microsoft Defender for Identity team has added a new activity to the Advanced Hunting experience in the Defender portal that can help spot possible attempts to exploit this vulnerability.
The new advanced hunting activity monitors Kerberos AS authentication. Customers can use it to create their own custom detection rules within Microsoft Defender XDR that automatically trigger alerts for this activity. The tutorial covers monitoring Kerberos AS authentication and building custom detection rules in Microsoft Defender XDR from the advanced hunting query so that they trigger alerts.
Check the MSRC page for more information on this vulnerability. To stay up to date on the latest Defender for Identity capabilities, follow the "What's New" documentation page.