What are the recommended defenses against password extraction from kernel-mode dump files?
The primary defense is to enable dump encryption, as described in Microsoft's documentation on dump encryption, so that the dump contents stay protected even if an attacker obtains the dump file. Note, however, that an attacker who already holds administrator privileges can simply disable dump encryption. In addition, security products can hook the `MiniDumpWriteDump()` API to block the creation of user-mode process dumps (this addresses user-mode dumps, not kernel crash dumps). For related attack vectors, see Penetration Techniques - From Exchange File Read/Write Permissions to Command Execution.
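As an added example (not part of the original page), the following PowerShell audit reports whether a host writes kernel crash dumps and whether dump encryption is configured. It assumes the registry locations from Microsoft's dump encryption documentation (`CrashControl\DumpEncryptionEnabled` and `CrashControl\EncryptionCertificates\Certificate.1\PublicKey`); verify them against the current documentation before relying on the script.

```powershell
# Added example: audit Windows kernel crash-dump encryption configuration.
# Registry locations are assumed from Microsoft's dump encryption documentation.
$CrashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$CertKey      = Join-Path $CrashControl 'EncryptionCertificates\Certificate.1'

function Get-DumpEncryptionStatus {
    $result = [ordered]@{
        # CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small, 7 = automatic
        CrashDumpEnabled      = $null
        DumpEncryptionEnabled = $false
        PublicKeyPresent      = $false
        Findings              = @()
    }

    $cc = Get-ItemProperty -Path $CrashControl -ErrorAction SilentlyContinue
    if ($null -eq $cc) {
        $result.Findings += 'CrashControl key not readable; run from an elevated session.'
        return [pscustomobject]$result
    }
    $result.CrashDumpEnabled      = $cc.CrashDumpEnabled
    $result.DumpEncryptionEnabled = ($cc.DumpEncryptionEnabled -eq 1)

    # The encryption certificate's public key blob is registered under Certificate.1.
    $cert = Get-ItemProperty -Path $CertKey -ErrorAction SilentlyContinue
    $result.PublicKeyPresent = ($null -ne $cert -and $null -ne $cert.PublicKey -and
                                $cert.PublicKey.Length -gt 0)

    if (-not $result.CrashDumpEnabled) {
        $result.Findings += 'Kernel crash dumps are disabled; no dump file is written on a bugcheck.'
    } elseif (-not $result.DumpEncryptionEnabled) {
        $result.Findings += 'Crash dumps are written unencrypted; kernel memory contents land on disk in the clear.'
    } elseif (-not $result.PublicKeyPresent) {
        $result.Findings += 'DumpEncryptionEnabled is set but no encryption public key is registered; configuration is incomplete.'
    } else {
        $result.Findings += 'Dump encryption is enabled and a public key is registered.'
    }
    [pscustomobject]$result
}

Get-DumpEncryptionStatus | Format-List
```

Because an administrator can flip `DumpEncryptionEnabled` back to 0 at any time, pair this one-off audit with registry change monitoring on the `CrashControl` key (for example Sysmon registry value-set events) so that the setting being disabled is itself an alert.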