Microsoft Support & Discussions

Microsoft Windows, Windows Server software, Microsoft 365, Microsoft Azure or any other Microsoft product discussions and help.

  1. Guest Jim Flack
    Started by Guest Jim Flack,

    A global threat requires a global response. While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cybercriminals using COVID-19 as a lure to mount attacks. As a security intelligence community, we are stronger when we share information that offers a more complete view of attackers’ shifting techniques. This more complete view enables us all to be more proactive in protecting, detecting, and defending against attacks. At Microsoft, our security products provide built-in protections against these and other threats, and we’ve published detailed guidance to help organizations combat current threats (Res…

    • 0 replies
    • 0 views
  2. Guest Joe Bialek
    Started by Guest Joe Bialek,

    This blog post outlines the work that Microsoft is doing to eliminate uninitialized stack memory vulnerabilities from Windows and why we’re on this path. This blog post will be broken down into a few parts that folks can jump to: Uninitialized Memory Background Potential Solutions to Uninitialized Memory Vulnerabilities InitAll – Automatic Initialization Interesting Findings … Solving Uninitialized Stack Memory on Windows Read More » The post Solving Uninitialized Stack Memory on Windows appeared first on Microsoft Security Response Center. Continue reading...

    • 0 replies
    • 0 views
  3. Guest Eric Avena
    Started by Guest Eric Avena,

    Researchers at the Eindhoven University of Technology recently revealed information around “Thunderspy,” an attack that relies on leveraging direct memory access (DMA) functionality to compromise devices. An attacker with physical access to a system can use Thunderspy to read and copy data even from systems that have encryption with password protection enabled. Secured-core PCs provide customers with Windows 10 systems that come configured from OEMs with a set of hardware, firmware, and OS features enabled by default, mitigating Thunderspy and any similar attacks that rely on malicious DMA. How Thunderspy works Like any other modern attack, “Thunderspy” relies …

    • 0 replies
    • 0 views
  4. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    COVID-19 has rapidly transformed how we all work. Organizations need quick and effective user security and awareness training to address the swiftly changing needs of the new normal for many of us. To help our customers deploy user training quickly, easily and effectively, we are announcing the availability of the Microsoft Cybersecurity Awareness Kit, delivered in partnership with Terranova Security. For those of you ready to deploy training right now, access your kit here. For more details, read on. Work at home may happen on unmanaged and shared devices, over insecure networks, and in unauthorized or non-compliant apps. The new environment has put cybersecurity deci…

    • 0 replies
    • 0 views
  5. This blog post outlines the work that Microsoft is doing to eliminate uninitialized stack memory vulnerabilities from Windows and why we’re on this path. This blog post will be broken down into a few parts that folks can jump to: Uninitialized Memory Background Potential Solutions to Uninitialized Memory Vulnerabilities InitAll – Automatic Initialization Interesting Findings with InitAll Performance Optimizations Impact for Customers Forward Looking Plans None of this work would have been possible without close partnership between the Visual Studio organization, the Windows organization, and MSRC.

    • 0 replies
    • 1 view
  6. Guest Jim Flack
    Started by Guest Jim Flack,

    As part of the launch of the U.S. space program’s moon shot, President Kennedy famously said we do these things “not because they are easy, but because they are hard.” The same can be said for the people responsible for security at their organizations; it is not a job one takes because it is easy. But it is critically important to keep our digital lives and work safe. And for the CISOs and leaders of the world, it is a job that is more than worth the hardships. Recent research from Nominet paints a concerning picture of a few of those hardships. Forty-eight percent of CISO respondents indicated work stress had negatively impacted their mental health, this is almost dou…

    • 0 replies
    • 0 views
  7. Guest Windows Blog
    Started by Guest Windows Blog,

    Universal Print is a Microsoft 365 subscription-based service that organizations use to centralize print management that is fully integrated with Azure Active Directory (Azure AD) and supports single sign-on scenarios. Join Kristin Carr and Rani Abdellatif on Wednesday, May 13th at 8:30 a.m. Pacific Time (PT) for a quick update on how you can use Universal Print to simplify print management across your organization create a straightforward, user-friendly print experience for your end users We'll focus on demos and offer live Q&A throughout the event to answer your questions. Get the latest news, get your questions answered, get on with your day. Register now to …

    • 0 replies
    • 0 views
  8. Guest Eric Avena

    The opportunities for innovative approaches to threat detection through deep learning, a category of algorithms within the larger framework of machine learning, are vast. Microsoft Threat Protection today uses multiple deep learning-based classifiers that detect advanced threats, for example, evasive malicious PowerShell. In continued exploration of novel detection techniques, researchers from Microsoft Threat Protection Intelligence Team and Intel Labs are collaborating to study new applications of deep learning for malware classification, specifically: Leveraging deep transfer learning technique from computer vision to static malware classification Optimizing de…

    • 0 replies
    • 0 views
  9. Guest Windows Blog
    Started by Guest Windows Blog,

    Windows Virtual Desktop can be a good fit for organizations seeking to enable remote work scenarios. As a result, the new Windows Virtual Desktop Azure Resource Manager (ARM)-based model is now available as a public preview and available to all customers. In this article, I'd like to cover the deeper technical points that explain how to enroll Windows 10 Enterprise multi-session, including Office 365 ProPlus, via the new Windows Virtual Desktop ARM-based Azure portal—and outline some important things you should know before getting started. Note: The previous Windows Virtual Desktop functionality was non-ARM. With the new spring update, service functionality …

    • 0 replies
    • 0 views
  10. Guest Windows Blog
    Started by Guest Windows Blog,

    To answer questions and help you more easily set up and configure Windows 10 devices so end users can work productively (and securely) from anywhere, the Microsoft Endpoint Manager team will be hosting a one-hour Windows Autopilot AMA event on Wednesday, June 3, 2020. ADD TO CALENDAR To join, simply, visit the new Microsoft Endpoint Manager AMA space on June 3rd at 9:00 AM Pacific Time and click "Start a New Conversation" to post your question. This event is open to all Tech Community members and we'll have members of the Microsoft Endpoint Manager product and engineering teams standing by to provide answers—as well as members of the MVP community who can provide th…

    • 0 replies
    • 0 views
  11. Guest Windows Blog
    Started by Guest Windows Blog,

    In addition to supporting the deployment and management of Windows 10 devices like laptops, tablets, and desktops, we are taking Windows Autopilot to uncharted territory by introducing the private preview of Windows Autopilot deployment for HoloLens 2! Since Windows Autopilot was first introduced with Windows 10, version 1703, it has come a long way to enable organizations to deploy and manage their Windows 10 devices in significantly less time and at noticeable cost savings. At its core, Windows Autopilot is a set of cloud technologies that offers greater efficiency and automation over traditional deployment and setup experiences. As a critical component of Micro…

    • 0 replies
    • 0 views
  12. Guest Todd VanderArk

    As the world continues to grapple with COVID-19, our lives have become increasingly dependent on digital interactions. Operating at home, we’ve had to rely on e-commerce, telehealth, and e-government to manage the everyday business of life. Our daily online usage has increased by over 20 percent. And if we’re fortunate enough to have a job that we can do from home, we’re accessing corporate apps from outside the company firewall. Whether we’re signing into social media, mobile banking, or our workplace, we’re connecting via online accounts that require a username and password. The more we do online, the more accounts we have. It becomes a hassle to constantly create ne…

    • 0 replies
    • 0 views
  13. Guest Jim Flack

    This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. Whether you’re a security team of one or a dozen, detecting and stopping threats around the clock is a challenge. Security incidents don’t happen exclusively during business hours: attackers often wait until the late hours of the night to breach an environment. At Red Canary, we work with security teams of all shapes and sizes to improve detection and response capabilities. Our Security Operations Team investigates threats in customer environments 24/7/365, removes false positives, and delivers confirmed threats with context. We’ve seen tea…

    • 0 replies
    • 0 views
  14. Guest MSRC Team
    Started by Guest MSRC Team,

    The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge aims to spark new high impact … Azure Sphere Security Research Challenge Now Open Read More » The post Azure Sphere Security Research Challenge Now Open appeared first on Microsoft Security Response Center. Continue reading...

    • 0 replies
    • 0 views
  15. The Azure Sphere Security Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019. At that time, a select group of talented researchers was invited to come and do their worst, emulating criminal hackers in a customer-safe cloud environment. This new research challenge aims to spark new high impact security research in Azure Sphere, a comprehensive IoT security solution delivering end to end security across hardware, OS and the cloud.

    • 0 replies
    • 1 view
  16. Guest Jim Flack

    This is the sixth blog in the Lessons learned from the Microsoft SOC series designed to share our approach and experience from the front lines of our security operations center (SOC) protecting Microsoft and our Detection and Response Team (DART) helping our customers with their incidents. For a visual depiction of our SOC philosophy, download our Minutes Matter poster. COVID-19 and the SOC Before we conclude the day in the life, we thought we would share an analyst’s eye view of the impact of COVID-19. Our analysts are mostly working from home now and our cloud based tooling approach enabled this transition to go pretty smoothly. The differences in attacks we hav…

    • 0 replies
    • 0 views
  17. Guest Jim Flack
    Started by Guest Jim Flack,

    The skyrocketing demand for tools that enable real-time collaboration, remote desktops for accessing company information, and other services that enable remote work underlines the tremendous importance of building and shipping secure products and services. While this is magnified as organizations are forced to adapt to the new environment created by the global crisis, it’s not a new imperative. Microsoft has been investing heavily in security, and over the years our commitment to building proactive security into products and services has only intensified. To help deliver on this commitment, we continuously find ways to improve and secure Microsoft products. One aspect …

    • 0 replies
    • 0 views
  18. Guest Windows Blog
    Started by Guest Windows Blog,

    Currently in public preview, MSIX app attach represents the final step in the journey to fully dynamic workspaces in the cloud, building on earlier innovations around roaming user profiles and enabling enterprises to stay current and ensure their applications are always up to date. Join Stefan Georgiev and Tanaka Jimha on Tuesday, May 5th at 9:00 a.m. Pacific Time (PT) for a free, one-hour walkthrough of the basics behind MSIX app attach and how to utilize this packaging format to change the way you deliver applications with Windows Virtual Desktop. We'll focus on demos that show you how to setup and configure MSIX app attach in your environment and offer live Q&…

    • 0 replies
    • 0 views
  19. Guest Jim Flack

    The latest round of MITRE ATT&CK evaluations proved yet again that Microsoft customers can trust they are fully protected even in the face of such an advanced attack as APT29. When looking at protection results out of the box, without configuration changes, Microsoft Threat Protection (MTP): Provided nearly 100 percent coverage across the attack chain stages. Delivered leading out-of-box visibility into attacker activities, dramatically reducing manual work for SOCs vs. vendor solutions that relied on specific configuration changes. Had the fewest gaps in visibility, diminishing attacker ability to operate undetected. Beyond just detection and visibility, a…

    • 0 replies
    • 0 views
  20. Guest Jim Flack
    Started by Guest Jim Flack,

    Microsoft is providing a series of deployment guides for customers who have engaged in a Zero Trust security strategy. In this guide, we cover how to deploy and configure Azure Active Directory (Azure AD) capabilities to support your Zero Trust security strategy. For simplicity, this document will focus on ideal deployments and configuration. We will call out the integrations that need Microsoft products other than Azure AD and we will note the licensing needed within Azure AD (Premium P1 vs P2), but we will not describe multiple solutions (one with a lower license and one with a higher license). Azure AD at the heart of your Zero Trust strategy Azure AD provid…

    • 0 replies
    • 0 views
  21. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    Knowing, protecting, and governing your organizational data is critical to adhere to regulations and meet security and privacy needs. Arguably, that’s never been truer than it is today as we face these unprecedented health and economic circumstances. To help organizations to navigate privacy during this challenging time, Microsoft Chief Privacy Officer Julie Brill shared seven privacy principles to consider as we all collectively move forward in addressing the pandemic. Organizations are also evaluating security and data governance more than ever before as they try to maintain business continuity amid the crisis. According to a new Harvard Business Review (HBR) researc…

    • 0 replies
    • 0 views
  22. Guest MSRC Team
    Started by Guest MSRC Team,

    Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and is primarily written in the Go programming language. While there have … The Safety Boat: Kubernetes and Rust Read More » The post The Safety Boat: Kubernetes and Rust appeared first on Microsoft Security Response Center. Continue reading...

    • 0 replies
    • 0 views
  23. Started by Cloaked,

    Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and is primarily written in the Go programming language.

    • 0 replies
    • 1 view
  24. Guest Eric Avena

    At a time when remote work is becoming universal and the strain on SecOps, especially in healthcare and critical industries, has never been higher, ransomware actors are unrelenting, continuing their normal operations. Multiple ransomware groups that have been accumulating access and maintaining persistence on target networks for several months activated dozens of ransomware deployments in the first two weeks of April 2020. So far the attacks have affected aid organizations, medical billing companies, manufacturing, transport, government institutions, and educational software providers, showing that these ransomware groups give little regard to the critical services th…

    • 0 replies
    • 0 views
  25. Guest Jim Flack
    Started by Guest Jim Flack,

    The reality of securing IoT over time It’s difficult to imagine any aspect of everyday life that isn’t affected by the influence of connectivity. The number of businesses that are using IoT is growing at a fast pace. By 2021, approximately 94 percent of businesses will be using IoT. Connectivity empowers organizations to unlock the full potential of the Internet of Things (IoT)—but it also introduces new cybersecurity attack vectors that they didn’t need to think about before. The reality is, connectivity comes at a cost: attackers with a wide range of motivations and skills are on the hunt, eager to exploit vulnerabilities or weak links in IoT. What does it take to …

    • 0 replies
    • 0 views