Microsoft announced yesterday their intention to actively block and quarantine the binaries affected by the recent SolarWinds discovery. Detection was added to Microsoft’s Defender platform on December 13th which should have notified administrators of the threat, but no action was taken. As of 8:00 AM PST (11:00 AM EST), the Defender platform will begin actively blocking the affected binaries even if they are in use. This does have the potential to cause disruptions.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in