Date: 2021-12-24

This week, Microsoft released its security baselines package for Windows 10 21H2 (launched last November), available through the Microsoft Security Compliance Toolkit. A security baseline is a set of Microsoft-recommended settings, based on contributions from the company's security engineering teams as well as its partners and customers.

With this toolkit, administrators can compare their current security settings with those recommended by Microsoft, edit them, store them in GPO backup file format, and apply them through a domain controller.





This new set of security baselines also removes all legacy settings for Microsoft Edge, now that official support for Edge Legacy has ended and it has been replaced by Edge Chromium. In addition, new settings are included to address the PrintNightmare remote code execution vulnerability.

The goal: reduce the ‘attack surface’ of the latest versions of Windows 10

However, the highlight of this toolkit is the addition of tamper protection as a setting to enable by default (as it has already been in Windows 11 for two months), which protects computers against human-operated ransomware attacks.

It does this by blocking attempts by ransomware operators (and other types of malware) to disable the operating system's security features, automatically locking Microsoft Defender Antivirus to safe defaults. Attackers disable those features to gain easier access to confidential data, or to the system itself in order to install more malicious software.

Thus, by aborting any attempt to change these values through the Windows Registry, PowerShell cmdlets, or Group Policy, tamper protection makes it harder for ransomware operators to carry out certain tasks needed to spread ransomware, such as disabling real-time virus protection or security updates.
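To confirm on a given machine that tamper protection and the Defender protections it guards are actually on, an administrator can audit the output of `Get-MpComputerStatus`. The script below is an added example, not part of the Microsoft toolkit; the `Test-DefenderState` function and the `$expected` table are assumptions of this example, not Microsoft's published baseline values.

```powershell
# Added example: audit Microsoft Defender state on the local machine.
# Uses Get-MpComputerStatus from the built-in Defender module.
# The expected values below are this example's assumption.
$expected = [ordered]@{
    IsTamperProtected         = $true
    AMServiceEnabled          = $true
    AntivirusEnabled          = $true
    RealTimeProtectionEnabled = $true
    BehaviorMonitorEnabled    = $true
    IoavProtectionEnabled     = $true
    OnAccessProtectionEnabled = $true
}

# Hypothetical helper: compares each expected property with the live status.
function Test-DefenderState {
    param(
        [Parameter(Mandatory)] $Status,    # object from Get-MpComputerStatus
        [Parameter(Mandatory)] $Expected   # table of property name -> value
    )
    foreach ($name in $Expected.Keys) {
        $actual = $Status.$name            # $null if the property is absent
        [pscustomobject]@{
            Setting  = $name
            Expected = $Expected[$name]
            Actual   = $actual
            Ok       = ($actual -eq $Expected[$name])
        }
    }
}

try {
    $status = Get-MpComputerStatus -ErrorAction Stop
} catch {
    # Defender service stopped, module missing, or a third-party AV in use.
    Write-Error "Could not query Defender status: $($_.Exception.Message)"
    exit 2
}

$report = @(Test-DefenderState -Status $status -Expected $expected)
$report | Format-Table -AutoSize

$failed = @($report | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} setting(s) differ from the expected state: {1}" -f `
        $failed.Count, ($failed.Setting -join ', '))
    exit 1
}
Write-Output "Tamper protection and Defender protections are in the expected state."
```

Saved as a script and run on a schedule, the non-zero exit code gives monitoring a signal when a protection has been switched off.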

Remember that all these settings are already available for download through the Microsoft Security Compliance Toolkit, which includes not only the security baselines through Group Policy Object (GPO) reports, but also the scripts required to apply the settings to the local GPO.

Microsoft’s advice is to “download the kit content, test recommended configurations and customize / deploy as appropriate”.

Via | NeoWin