{"id":43130,"date":"2021-09-29T16:00:15","date_gmt":"2021-09-29T16:00:15","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=97800"},"modified":"2021-09-29T16:00:15","modified_gmt":"2021-09-29T16:00:15","slug":"defend-against-zero-day-exploits-with-microsoft-defender-application-guard","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/defend-against-zero-day-exploits-with-microsoft-defender-application-guard\/","title":{"rendered":"Defend against zero-day exploits with Microsoft Defender Application Guard"},"content":{"rendered":"

Zero-day security vulnerabilities\u2014known to hackers, but unknown to software creators, security researchers, and the public\u2014are like gold to attackers. With zero-days, or even zero-hours, developers have no time to patch the code, giving hackers enough access and time to explore and map internal networks, exfiltrate valuable data, and find other attack vectors.<\/p>\n

Zero-days has become a great profit engine for hackers due to the imperil it poses to the public, organizations, and government. These vulnerabilities are often sold on the dark web for thousands of dollars, fueling nation-state and ransomware attacks and making the cybercrime business even more appealing and profitable to attackers.<\/p>\n

Social engineering unlocks doors to zero-day attacks<\/h2>\n

With zero-day being the new constant, organizations must defend and protect themselves, paying special attention to the user applications as most of the zero-day vulnerabilities out there fall within this environment.<\/p>\n

Attackers leverage social engineering tactics to gain users\u2019 trust, deceive them, and influence their actions\u2014from opening a malicious link attached to an email to visiting a compromised website. The malicious code executes when the application opens the weaponized content, exploiting vulnerabilities and downloading malware on the endpoint.<\/p>\n

This combination of sophisticated social engineering attacks is a lethal weapon that leverages \u201cthe art of deception\u201d combined with human-operated ransomware, allowing attackers to stay undercover while exploiting a system\u2019s vulnerabilities. It creates the perfect scenario for a zero-day attack, allowing attackers to expertly spread and compromise more devices than ever before.<\/p>\n

App isolation helps defend against zero-day exploits<\/h2>\n

In such a challenging environment, where application and web browser scans and filters on their own may not be able to stop attackers from tricking users and preventing malicious code to execute, isolation technology is the way forward to defend against zero-day exploits.<\/p>\n

Based on the Zero Trust<\/a> principles of explicit verification, least privilege access, and assume breach, isolation treats any application and browsing session as untrustworthy by default, adding multiple roadblocks for attackers attempting to get into users\u2019 environments.<\/p>\n

Isolation is fully embedded into Microsoft Windows chip to cloud security posture, enabling applications to apply and run in state-of-the-art virtualization technology, such as Microsoft Defender Application Guard<\/a> (Application Guard), to significantly reduce the blast radius of compatible compromised applications.<\/p>\n

With Application Guard, websites and Office files run in an isolated hypervisor (Hyper-V) based container, ensuring that anything that happens within the container remains isolated from the desktop operating system. This means that malicious code originates from a document or website which is running inside the container, the desktop remains intact, and the blast radius of the infection remains confined within the container.<\/p>\n

This is the same virtualization-based security (VBS) technology that also powers other Windows security features like Credential Guard and Hypervisor Code Integrity (HVCI).<\/p>\n

\"Presenting<\/p>\n

Today, the power of Application Guard local isolation is natively built into Microsoft Edge<\/a> and Microsoft Office<\/a>, providing seamless protection against malicious Word, PowerPoint, and Excel files and also malicious websites. We have extended this protection to Google Chrome and Mozilla Firefox via the Application Guard plugin, which allows untrusted websites to be opened in isolation using Microsoft Edge.<\/p>\n

Application Guard delivers a great first line of defense for organizations\u2014when users run an app or open email attachments and click on a link or an URL, if any of these have malware, it will be contained in the sandbox environment and won\u2019t be able to access the desktop, its systems, or data. Additionally, every malicious attack contained by Application Guard helps inform and improve global threat intelligence, enhancing overall detection capabilities and protecting not only your organization but also millions of other Microsoft customers across the world.<\/p>\n

Application Guard for Zero Trust<\/h2>\n

Isolation is an important part of any organization\u2019s strategy in deploying Zero Trust<\/a> and defending your system from being compromised without jeopardizing performance and productivity.<\/p>\n

Based on the following principles of Zero Trust, isolation technology in Windows forms the backbone of Application Guard providing stronger protection and greater assurance to your users while empowering them to click anywhere.<\/p>\n