Easily detect CVE-2024-21427 with Microsoft Defender for Identity

CVE-2024-21427, a recent Windows Kerberos Security Feature Bypass Vulnerability, has been fixed to prevent the potential bypass of authentication policies configured in Active Directory. To ensure the protections are in place, deploy the latest security updates, including the most recent patch, to servers and devices. The Microsoft Defender for Identity team has also added a new activity to the Advanced Hunting experience in the Defender portal that can help spot possible attempts to exploit this vulnerability.

The new advanced hunting activity monitors Kerberos AS authentication. Customers can use it to create their own custom detection rules within Microsoft Defender XDR so that alerts are triggered automatically for this activity. The tutorial covers monitoring Kerberos AS authentication and using the advanced hunting query to create custom detection rules that trigger alerts in Microsoft Defender XDR.

See the MSRC page for more information on this vulnerability. To stay up to date on the latest Defender for Identity capabilities, follow the "What's New" documentation page.
