CyberSecurityBoard
Sponsor Register Login

Microsoft tests Windows 11 encrypted DNS server auto-discovery

Microsoft is testing support for the Discovery of Network-designated Resolvers internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks. Without DNR support, users must manually enter the info of encrypted DNS servers on their local area network within the network settings. Client-side DNR automatically configures devices to reach such encrypted DNS resolvers and use encrypted DNS protocols like DNS over TLS, DNS over HTTPS, and DNS over QUIC. When a device with client-side DNR enabled joins a new network, it queries the local DHCP server, requesting an IP address and DNR-specific options. The server, operating server-side DNR, responds with encrypted DNS details, including server IP, supported protocols, port numbers, and authentication data, allowing the client to establish an encrypted DNS tunnel automatically using the provided info. "Until today, Windows Insiders users had to find out the IP address of their desired encrypted DNS server and manually enter it to configure client-side encrypted DNS on their machine," said Microsoft's Amanda Langowski and Brandon LeBlanc. "DNR will enable Windows Insider users to use encrypted DNS protocols like DNS over HTTPS and DNS over TLS on the client-side without requiring manual configuration." Support for client-side DNR is currently rolling out to Windows Insiders using Windows Insider build 25982 or above. This feature is not yet available on non-Insider Windows versions. After the registry changes, you must restart the device so that the updated settings take effect. To see DNR in action, you must connect to a network where the DHCPv4 or DHCPv6 server has server-side DNR toggled on. Starting with today's Windows 11 Insider build, Microsoft also allows admins to require SMB client encryption for all outbound connections to defend against eavesdropping and interception attacks. The company also added ReFS filesystem Block Cloning Support to the Windows copy engine to improve ReFS volumes' performance when copying larger files. Windows 11 to let admins mandate SMB encryption for outbound connections. Microsoft Paint finally gets support for layers and transparency. Windows 11 Snipping Tool gets OCR support to copy text from images. Microsoft plans to kill off NTLM authentication in Windows 11.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Microsoft tests Windows 11 encrypted DNS server auto-discovery

How to Prevent DNS Attacks: DNS Security Best Practices - To protect against attack, best practices must be applied to protect the DNS protocol, the server on which the DNS protocol runs, and all access to the DNS processes. Implementing these best practices will not only protect DNS but also network ...
11 months ago Esecurityplanet.com
Microsoft tests Windows 11 encrypted DNS server auto-discovery - Microsoft is testing support for the Discovery of Network-designated Resolvers internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks. Without DNR support, users must manually enter the info ...
11 months ago Bleepingcomputer.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
DNS Tunneling Abuse Expands to Tracking & Scanning Victims - Attackers are taking malicious manipulation of DNS traffic to the next level, abusing DNS tunneling to scan a victim's network infrastructure as well as track victims' online behavior. Researchers from Palo Alto Networks' Unit 42 have identified ...
6 months ago Darkreading.com
Attacks abuse Microsoft DHCP to spoof DNS records The Register - A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers. We're told the attacks - which are ...
11 months ago Go.theregister.com
Pen Testing Across the Environment: External, Internal, and Wireless Assessments - Among other controls, penetration testing stands out because it simulates attackers' malicious activities and tactics to identify security gaps in business systems or applications. Because pen tests thoroughly investigate vulnerabilities, the scope ...
4 months ago Securityboulevard.com
Understanding DNS Zones: A Comprehensive Guide - DNS stands for Domain Name System, and it is one of the most important components of the Internet. It is a network of servers that coordinates the registration, updating and resolution of domain names, so that users can easily access websites and ...
1 year ago Heimdalsecurity.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
11 months ago Microsoft.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
11 months ago Techrepublic.com
Hackers use DNS tunneling for network scanning, tracking victims - Threat actors are using Domain Name System tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. DNS tunneling is the encoding of data or commands that are sent ...
6 months ago Bleepingcomputer.com
86% of cyberattacks are delivered over encrypted channels - Threats over HTTPS grew by 24% from 2022, underscoring the sophisticated nature of cybercriminal tactics that target encrypted channels, according to Zscaler. For the second year in a row, manufacturing was the industry most commonly targeted, with ...
11 months ago Helpnetsecurity.com
'KeyTrap' DNS Bug Threatens Widespread Internet Outages - Although it's been sitting there since 2000, researchers were just recently able to suss out a fundamental design flaw in a Domain Name System security extension, which under certain circumstances could be exploited to take down wide expanses of the ...
9 months ago Darkreading.com
Microsoft drops SMB1 firewall rules in new Windows 11 build - Windows 11 will no longer add SMB1 Windows Defender Firewall rules when creating new SMB shares starting with today's Canary Channel Insider Preview Build 25992 build. Before this change and since Windows XP SP2, creating SMB shares set up firewall ...
11 months ago Bleepingcomputer.com
Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
9 months ago Bleepingcomputer.com
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
10 months ago Techtarget.com
SANS Internet Storm Center - A DNS suffix is a configuration of the Windows DNS client to have it append suffixes when doing domain lookups. If a DNS suffix local is configured, then Windows' DNS client will not only do a DNS lookup for example.com, but also for example.com. ...
6 months ago Isc.sans.edu
Bitwarden's new auto-fill option adds phishing resistance - The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. The issue was highlighted nearly a year ago when Flashpoint ...
8 months ago Bleepingcomputer.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
10 months ago Feeds.dzone.com
KeyTrap attack: Internet access disrupted with one DNS packet - A serious vulnerability named KeyTrap in the Domain Name System Security Extensions feature could be exploited to deny internet access to applications for an extended period. Tracked as CVE-2023-50387, KeyTrap is a design issue in DNSSEC and impacts ...
9 months ago Bleepingcomputer.com
Windows 11 Notepad gets a built-in character counter, finally - Microsoft keeps improving and adding more features to the Windows 11 Notepad application, the latest being a built-in character counter. Until now, users who needed a quick way to count characters in a text file have been forced to use third-party ...
11 months ago Bleepingcomputer.com
47 Years Later: Serious Security – How Deliberate Typos Might Improve DNS Security - The Domain Name System (DNS) is an internet infrastructure that has been around since the early 80s and still plays an integral part in how websites and online services are accessed. Although it has been in use for almost 47 years, security issues of ...
1 year ago Nakedsecurity.sophos.com
Microsoft starts testing new Windows 11 Energy Saver feature - Microsoft has started testing a new Windows 11 Energy Saver feature that helps customers extend their portable computers' battery life. This new feature is currently available to Insiders in the Canary Channel who have installed Windows 11 Insider ...
11 months ago Bleepingcomputer.com
DNSSEC vulnerability puts big chunk of the internet at risk The Register - A 20-plus-year-old security vulnerability in the design of DNSSEC could allow a single DNS packet to exhaust the processing capacity of any server offering the system for domain-name resolution, effectively disabling the machine. Yes, a single DNS ...
9 months ago Go.theregister.com
Microsoft extends Windows Server 2012 ESUs to October 2026 - Microsoft provides three more years of Windows Server 2012 Extended Security Updates until October 2026, giving administrators more time to upgrade or migrate to Azure. The company also prolonged the end date for Windows Server 2012 and extended ...
11 months ago Bleepingcomputer.com
How Does Automated API Testing Differ from Manual API Testing: Unveiling the Advantages - Delve into automated versus manual API testing for efficient software delivery. See how automation speeds validation while manual testing provides human insight, ensuring comprehensive coverage for robust development. In the domain of software ...
9 months ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)