Microsoft announced yesterday their intention to actively block and quarantine the binaries affected by the recent SolarWinds discovery. Detection was added to Microsoft’s Defender platform on December 13th which should have notified administrators of the threat, but no action was taken. As of 8:00 AM PST (11:00 AM EST), the Defender platform will begin actively blocking the affected binaries even if they are in use. This does have the potential to cause disruptions.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is