- Windows Kernel
- Remote Desktop Client
- Windows Visual Basic Scripting
- Microsoft Intune
- Virtual Hard Disk (VHDX)
- Microsoft Input Method Editor (IME)
- Windows SSDP Service
- Windows Kerberos
- Windows Imaging Component
- Windows SPNEGO Extended Negotiation
- Windows Storage VSP Driver
- Windows GDI
- Windows Event Tracing
- Universal Print Management Service
- Windows Cred SSProvider Protocol
- Azure Monitor Agent
- Microsoft PC Manager
- Microsoft Office
- Windows MBT Transport driver
- Windows Routing and Remote Access Service (RRAS)
- Role: Windows Hyper-V
- Windows Connected Devices Platform Service
- Windows BitLocker
- Windows Update Service
- Windows SMB
- Windows Virtualization-Based Security (VBS) Enclave
- Microsoft MPEG-2 Video Extension
- Windows Secure Kernel Mode
- Microsoft Office Excel
- Windows Remote Desktop Licensing Service
- HID class driver
- Windows Universal Plug and Play (UPnP) Device Host
- Windows AppX Deployment Service
- Windows Cryptographic Services
- Windows TDX.sys
- Windows Ancillary Function Driver for WinSock
- Windows User-Mode Driver Framework Host
- Workspace Broker
- Windows Win32K - ICOMP
- Kernel Streaming WOW Thunk Service Driver
- Microsoft Brokering File System
- Windows NTFS
- Windows Shell
- Windows Performance Recorder
- Windows Media
- Storage Port Driver
- Microsoft Windows Search Component
- Windows TCP/IP
- Capability Access Management Service (camsvc)
- Microsoft Office Word
- Microsoft Office SharePoint
- Microsoft Office PowerPoint
- Microsoft Edge (Chromium-based)
- Visual Studio Code - Python extension
- Windows Netlogon
- SQL Server
- Windows Fast FAT Driver
- Windows Print Spooler Components
- Windows StateRepository API
- Windows Notification
- Windows Win32K - GRFX
- Microsoft Windows QoS scheduler
- Microsoft Teams
- Microsoft Graphics Component
- Windows KDC Proxy Service (KPSSVC)
- Visual Studio
- Windows SmartScreen
- Office Developer Platform
- Windows Storage
- Large and medium government entities: High
- Small government entities: Medium
- Large and medium business entities: High
- Small business entities: Medium
- Apply the patches or mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
- Apply the Principle of Least Privilege to all systems and services and run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
- Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
- Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
- Remind all users not to visit untrusted websites or follow links/open files provided by unknown or untrusted sources. (M1017: User Training)
- Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.
- Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems, including suspicious process, file, and API-call behavior. (M1040: Behavior Prevention on Endpoint)
- Safeguard 13.2: Deploy a Host-Based Intrusion Detection Solution: Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.
- Safeguard 13.7: Deploy a Host-Based Intrusion Prevention Solution: Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.
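The patch-management recommendation above (M1051 / Safeguards 7.1 and 7.4) is only verifiable if each host can report whether the July 2025 release has actually landed. The following PowerShell script is an added example written for this page; it is not part of the advisory and not Microsoft tooling. It assumes the release date 2025-07-08 (the second Tuesday of July 2025) as the cut-off, deliberately hard-codes no KB numbers (map the host's build to the correct KB using the MSRC release notes in REFERENCES), and assumes the Windows Update Agent COM API (`Microsoft.Update.Session`) can reach Windows Update or the organisation's WSUS/ConfigMgr server. Run it from an elevated session for complete results.

```powershell
# Added example, not from the original advisory: audit a Windows host for the
# July 2025 Patch Tuesday release after patches have been tested and approved.
# Assumptions: cut-off date 2025-07-08; no KB numbers hard-coded; the Windows
# Update Agent COM API is available and can reach WU or a WSUS/ConfigMgr server.

function Get-PatchTuesdayStatus {
    [CmdletBinding()]
    param(
        [datetime]$ReleaseDate = [datetime]'2025-07-08'   # assumed release date
    )

    # OS build plus UBR (the revision bumped by every cumulative update); compare
    # this against the build listed in the MSRC release notes for the July CU.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $os    = Get-CimInstance Win32_OperatingSystem
    $build = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR

    # 1. Quick-fix engineering records: cumulative, servicing-stack and .NET updates.
    $hotfixes = @(Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $ReleaseDate } |
        Sort-Object InstalledOn -Descending |
        Select-Object HotFixID, Description, InstalledOn)

    # 2. Windows Update Agent history, which also records updates that QFE does
    #    not surface (Defender platform, Edge, Office click-to-run via WU, etc.).
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    $total    = $searcher.GetTotalHistoryCount()
    $history  = if ($total -gt 0) { $searcher.QueryHistory(0, $total) } else { @() }
    $applied  = @($history |
        Where-Object { $_.Date -ge $ReleaseDate -and $_.ResultCode -eq 2 } |  # 2 = orcSucceeded
        Select-Object Date, Title)

    # 3. Updates offered but not yet installed. MsrcSeverity is only populated
    #    on security updates, so it doubles as a "security-relevant" filter.
    $pending = @($searcher.Search('IsInstalled=0 and IsHidden=0').Updates) |
        ForEach-Object {
            [pscustomobject]@{
                Title        = $_.Title
                MsrcSeverity = $_.MsrcSeverity
                KB           = @($_.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
                RebootNeeded = $_.RebootRequired
            }
        }
    $pendingSecurity = @($pending | Where-Object { $_.MsrcSeverity })

    # 4. A CU that is installed but not yet rebooted into still leaves the old
    #    kernel, drivers and Secure Kernel in memory, so treat it as not applied.
    $rebootPending =
        (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') -or
        (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending')

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        OSCaption        = $os.Caption
        Build            = $build
        ReleaseDate      = $ReleaseDate.ToString('yyyy-MM-dd')
        HotfixesSince    = $hotfixes
        WUSucceededSince = $applied
        PendingSecurity  = $pendingSecurity
        RebootPending    = $rebootPending
        # Heuristic: something installed since the release date, nothing
        # security-rated still pending, and no reboot outstanding.
        Compliant        = ($hotfixes.Count -gt 0 -or $applied.Count -gt 0) -and
                           ($pendingSecurity.Count -eq 0) -and (-not $rebootPending)
    }
}

$status = Get-PatchTuesdayStatus
$status | Format-List
# Non-zero exit so a scheduled task, RMM or ConfigMgr baseline can alert on it.
if (-not $status.Compliant) { exit 1 }
```

`Compliant` is a date-based heuristic, not proof that the specific July cumulative update is present: an unrelated update installed after the cut-off also satisfies it. For a definitive answer, compare the reported `Build` (CurrentBuild.UBR) against the build number Microsoft lists for the July CU for that OS version, and keep the pending-security and reboot-pending checks, since a downloaded-but-not-rebooted kernel or driver fix is still exploitable.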
REFERENCES:
Microsoft: https://msrc.microsoft.com/update-guide/releaseNote/2025-Jul https://msrc.microsoft.com/update-guide
