San Francisco: Microsoft has said that it will require SMB (Server Message Block) signing (aka security signatures) by default for all connections to defend against NTLM relay attacks in Windows 11, starting with the latest Windows build (Enterprise edition) rolling out to Insiders in the Canary Channel.
Such attacks require network devices (including domain controllers) to impersonate malicious servers under the attackers’ control and elevate privileges so they can gain complete control over the Windows domain.
“This changes legacy behaviour, where Windows 10 and 11 required SMB signing by default only when connecting to shares named SYSVOL and NETLOGON and where Active Directory domain controllers required SMB signing when any client connected to them,” Microsoft said in a blogpost.
SMB signing aids in the detection of malicious authentication requests by confirming the identities of the sender and receiver via signatures and hashes embedded at the end of each message.
Meanwhile, Microsoft has announced that it will no longer support its virtual assistant Cortana in Windows as a standalone app, starting in late 2023.
This change will only affect Cortana in Windows and will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms, the tech giant stated on a support page.