July 23, 2024 at 03:52PM
Microsoft’s Windows Hello for Business (WHfB) authentication, previously believed to be resistant to phishing, was found vulnerable to downgrade attacks. Security researcher Yehuda Smirnov discovered the flaw, leading to a fix by Microsoft. The company introduced a new Conditional Access policy to enforce phishing-resistant authentication, safeguarding against downgraded methods.
The key takeaway is that Microsoft’s Windows Hello for Business (WHfB) default phishing-resistant authentication model was found susceptible to downgrade attacks. The vulnerability allowed threat actors to bypass the secure authentication and break into biometrically protected PCs and laptops. The issue was discovered by Accenture red team security researcher Yehuda Smirnov, who reported it to Microsoft. A fix is available, and Smirnov will demonstrate the attack and its mitigation at Black Hat USA 2024. Microsoft’s remediation includes a new Conditional Access capability called “authentication strength,” which lets administrators enforce phishing-resistant authentication methods for users so that the authentication method cannot be downgraded.
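As an added example (not from the article or from Microsoft), the following Microsoft Graph PowerShell script creates a Conditional Access policy that applies the built-in “Phishing-resistant MFA” authentication strength, which is the control the remediation above refers to. It assumes the Microsoft.Graph PowerShell SDK is installed, that the caller has the Policy.ReadWrite.ConditionalAccess permission, and that the pilot group and break-glass account IDs are placeholders you replace; the policy is created in report-only mode first so sign-in logs can be reviewed before enforcement.

```powershell
# Added example: enforce the built-in "Phishing-resistant MFA" authentication
# strength with a Conditional Access policy. Assumes the Microsoft.Graph module.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Look the strength up by name instead of hard-coding its GUID, so the script
# does not depend on an ID that may differ from what the tenant reports.
$strength = Get-MgPolicyAuthenticationStrengthPolicy |
    Where-Object { $_.DisplayName -eq "Phishing-resistant MFA" }
if (-not $strength) { throw "Built-in 'Phishing-resistant MFA' strength not found" }

# Placeholder object IDs (assumptions): a pilot group to scope the policy to,
# and an emergency-access account that is excluded so a misconfiguration
# cannot lock administrators out.
$pilotGroupId      = "<PILOT-GROUP-OBJECT-ID>"
$breakGlassUserId  = "<BREAK-GLASS-USER-OBJECT-ID>"

$params = @{
    displayName = "Require phishing-resistant MFA (pilot)"
    # Report-only first: evaluates the policy and logs the result without
    # blocking sign-ins, so downgraded methods show up in sign-in logs.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{
            includeGroups = @($pilotGroupId)
            excludeUsers  = @($breakGlassUserId)
        }
        applications = @{ includeApplications = @("All") }
    }
    grantControls = @{
        operator               = "OR"
        builtInControls        = @()
        # The authentication strength grant control is what prevents a
        # fallback to a weaker (phishable) method satisfying the policy.
        authenticationStrength = @{ id = $strength.Id }
    }
}

$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter $params
Write-Output "Created policy $($policy.DisplayName) with id $($policy.Id)"
```

After reviewing report-only results in the sign-in logs, switch the policy state to "enabled" to enforce it.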