September 4, 2024 at 01:48PM
Microsoft is implementing a new security mitigation to address a surge in cyberattacks targeting vulnerabilities in the Windows Common Log File System (CLFS). The mitigation involves adding a verification step using Hash-based Message Authentication Codes (HMAC) to detect unauthorized modifications to CLFS logfiles. This approach aims to cover a class of vulnerabilities at once and protect customers across the Windows ecosystem.
Based on the meeting notes, here are the key takeaways:
– Microsoft is addressing a surge in cyberattacks targeting vulnerabilities in the Windows Common Log File System (CLFS) by implementing a new security mitigation.
– The mitigation involves adding a new verification step to parsing CLFS logfiles, which will use Hash-based Message Authentication Codes (HMAC) to detect unauthorized modifications.
– This approach aims to address a class of vulnerabilities all at once and is designed to protect customers across the Windows ecosystem.
– The mitigation will soon be fitted into the Windows Insiders Canary channel and will utilize a Merkle tree to reduce overhead associated with frequent HMAC calculations for large files.
– The cryptographic key used for HMAC calculations is only accessible to CLFS (SYSTEM) and Administrators.
Overall, Microsoft’s approach seeks to proactively safeguard against potential security issues and enhance the integrity of CLFS logfiles.