Microsoft Support & Discussions

Microsoft Windows, Windows Server software, Microsoft 365, Microsoft Azure or any other Microsoft product discussions and help.

  1. Guest Microsoft Windows Server Team
    Started by Guest Microsoft Windows Server Team,

    Containerization is an important cloud computing development to more seamlessly build, test, deploy, and manage cloud applications. Containers also introduced many of our customers to new technologies including Docker, Windows containers, orchestration, and microservices. Today, we’re excited to announce the general availability of Windows Server container support in the Azure Kubernetes Service. Many of our customers are building new microservice inspired applications using the latest design patterns, yet often their core business functions run on applications developed before Kubernetes was even a project. The past months have presented new challenges and opportuniti…

    • 0 replies
    • 0 views
  2. Guest MSRC Team
    Started by Guest MSRC Team,

    Following the second Security Researcher Quarterly Leaderboard and the 2020 MSRC Most Valuable Security Researchers criteria we published in February 2020, we are excited to announce the 2020 First Quarter (Q1) Security Researcher Leaderboard, listing our top contributing researchers for the last quarter. The top three researchers of the last quarter are: Zhiniang Peng (2870 … The post Congratulating Our Top 2020 Q1 Security Researchers! appeared first on Microsoft Security Response Center.

    • 0 replies
    • 0 views
  3. Guest Jim Flack
    Started by Guest Jim Flack,

    When hackers plan an attack, they often engage in a numbers game. They can invest significant time pursuing a single, high-value target—someone in the C-suite for example and do “spear phishing.” Or if they just need low-level access to gain a foothold in an organization or do reconnaissance, they target a huge volume of people and spend less time on each one which is called “password spray.” Last December Seema Kathuria and I described an example of the first approach in Spear phishing campaigns—they’re sharper than you think! Today, I want to talk about a high-volume tactic: password spray. In a password spray attack, adversaries “spray” passwords at a large volume of…

    • 0 replies
    • 0 views
  4. Following the second Security Researcher Quarterly Leaderboard and the 2020 MSRC Most Valuable Security Researchers criteria we published in February 2020, we are excited to announce the 2020 First Quarter (Q1) Security Researcher Leaderboard, listing our top contributing researchers for the last quarter. The top three researchers of the last quarter are: Zhiniang Peng (2870 points), Yuki Chen (1550 points), and Ashar Javed (1520 points).

    • 0 replies
    • 1 view
  5. Guest Jim Flack

    Over the last fifteen years, attacks against critical infrastructure (figure 1) have steadily increased in both volume and sophistication. Because of the strategic importance of this industry to national security and economic stability, these organizations are targeted by sophisticated, patient, and well-funded adversaries. Adversaries often target the utility supply chain to insert malware into devices destined for the power grid. As modern infrastructure becomes more reliant on connected devices, the power industry must continue to come together to improve security at every step of the process. Figure 1: Increased attacks on critical infrastructure This is the…

    • 0 replies
    • 0 views
  6. Guest Jim Flack

    As attackers use more advanced techniques, it’s even more important that defenders have visibility not just into each of the domains in their environment, but also across them to piece together coordinated, targeted, and advanced attacks. This level of visibility will allow us to get ahead of attackers and close the gaps through which they enter. To illustrate that imperative, the 2019 MITRE ATT&CK evaluation centered on an advanced nation-state threat actor known to the industry as Advanced Persistent Threat (APT) 29 (also known as Cozy Bear) which largely overlaps with the activity group that Microsoft calls YTTRIUM. The test involved a simulation of 58 attacker t…

    • 0 replies
    • 0 views
  7. Guest Jim Flack
    Started by Guest Jim Flack,

    As discussed in my last blog post on North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) Compliance in Azure, U.S. and Canadian utilities are now free to benefit from cloud computing in Azure for many NERC CIP workloads. Machine learning, multiple data replicas across fault domains, active failover, quick deployment and pay for use benefits are now available for these NERC CIP workloads. Good candidates include a range of predictive maintenance, asset management, planning, modelling and historian systems as well as evidence collection systems for NERC CIP compliance itself. It’s often asked whether a utility must use Azure G…

    • 0 replies
    • 0 views
  8. Guest Windows Blog
    Started by Guest Windows Blog,

    To support your efforts to deliver and deploy updates to the Windows 10 devices being used by remote workers across your organization, we are kicking off a series of weekly "office hours" for IT professionals here on Tech Community. During office hours, we will have a broad group of product experts, servicing experts, and engineers monitoring the Windows 10 servicing space and standing by to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have. The first servicing office hours event will take place on Wednesday, April 22, 2020 from 8:00 a.m. to 9:00 a.m. Pacific Time. How do office hours work? Simpl…

    • 0 replies
    • 0 views
  9. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    As the volume of remote workers quickly increased over the past two to three months, the IT teams in many companies scrambled to figure out how their infrastructures and technologies would be able to handle the increase in remote connections. Many companies were forced to enhance their capabilities to allow remote workers access to systems and applications from their homes and other locations outside the network perimeter. Companies that couldn’t make changes rapidly enough to increase capacity for remote workers might rely on remote access using the remote desktop protocol, which allows employees to access workstations and systems directly. Recently, John Matherly (fo…

    • 0 replies
    • 0 views
  10. Guest Jim Flack
    Started by Guest Jim Flack,

    Every day, software developers stare down a long list of features and bugs that need to be addressed. Security professionals try to help by using automated tools to prioritize security bugs, but too often, engineers waste time on false positives or miss a critical security vulnerability that has been misclassified. To tackle this problem data science and security teams came together to explore how machine learning could help. We discovered that by pairing machine learning models with security experts, we can significantly improve the identification and classification of security bugs. At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items…

    • 0 replies
    • 0 views
  11. Guest Windows Blog
    Started by Guest Windows Blog,

    In this post, we will walk you through ways to optimize the delivery and deployment of Windows monthly quality updates (aka patches) to remote devices in your organization. We will offer specific recommendations on minimizing update size and bandwidth utilization, increasing update speed and consistency, and reducing the impact and dependency on end users. Microsoft has published guidance around the solutions and opportunities IT professionals can leverage to keep remote workers safe, secure, and productive, the majority of which can be found on Microsoft's COVID-19 response page. For example, in Rob York’s recent blogs on Managing remote machines with cloud management…

    • 0 replies
    • 0 views
  12. Guest Windows Blog

    Today we announced that the scheduled end of service date for the Home, Pro, Pro Education, and Pro for Workstations editions of Windows 10, version 1809 will now be November 10, 2020. This means that security updates will continue to be released monthly, June through November of 2020, and that the final security update for these editions of Windows 10, version 1809 will be released on November 10, 2020 instead of May 12, 2020. Security updates for Windows 10, version 1809 will be available via our regular servicing channels: Windows Update, Windows Server Update Services, and the Microsoft Update Catalog. You will not need to alter your current update management wor…

    • 0 replies
    • 0 views
  13. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    Operational resiliency is a topic of rising importance in the security community. Unplanned events, much like the one we are facing today, are reminders of how organizations can be prepared to respond to a cyberattack. Ian Coldwell and I explored a variety of options in my episode of Afternoon Cyber Tea with Ann Johnson. Ian Coldwell is a Kubernetes containers and cloud infrastructure specialist with a background in penetration testing and DevOps. In their role as a consultant, Ian has helped companies bridge the gaps between security and DevOps. It was a real pleasure to discuss what Ian has learned in these roles, and I think you’ll find our discussion valuable. D…

    • 0 replies
    • 0 views
  14. Guest Windows Blog
    Started by Guest Windows Blog,

    To help you facilitate a “hands free” Windows 10 update experience for your users, Microsoft introduced a feature called reserved storage with Windows 10, version 1903. Enabled by default on newly manufactured Windows 10 PCs and clean installations of Windows 10, reserved storage is designed to increase the likelihood that Windows 10 feature updates can be successfully downloaded and installed without the user having to free up disk space. For PCs that connect directly to Windows Update, reserved storage works out of the box. However, if you manage and upgrade Windows devices using a management solution including Windows Server Update Services (WSUS) or Configuration Mana…

    • 0 replies
    • 0 views
  15. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    As our customers shift to remote work in response to the COVID-19 outbreak, many have asked how to maintain the security posture of their cloud assets. Azure Security Center security controls can help you monitor your security posture as usage of cloud assets increases. These are three common scenarios: Enable multi-factor authentication (MFA) to enhance identity protection. Use just-in-time (JIT) VM access for users that need remote access via RDP or SSH to servers that are in your Azure infrastructure. Review the “Remediate vulnerabilities control” in Azure Security Center to identify critical security updates needed for workloads (servers, containers, databases) that…

    • 0 replies
    • 0 views
  16. Guest Eric Avena

    Ready or not, much of the world was thrust into working from home, which means more people and devices are now accessing sensitive corporate data across home networks. Defenders are working round the clock to secure endpoints and ensure the fidelity of not only those endpoints, but also identities, email, and applications, as people are using whatever device they need to get work done. This isn’t something anyone, including our security professionals, were given time to prepare for, yet many customers have been thrust into a new environment and challenged to respond quickly. Microsoft is here to help lighten the load on defenders, offer guidance on what to prioritize to k…

    • 0 replies
    • 0 views
  17. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    Off the top of your head, what percentage of endpoints in your organization are currently protected? Something in the 98 percent+ range? Most enterprises would say having fewer than 2 percent of endpoint devices lacking adequate security would be considered good given the various changes, updates, etc. However, enterprises have traditionally focused security and compliance efforts on traditional computing devices (for example, servers, desktops, and laptops), which represent just 40 percent of the relevant endpoints. The remaining 60 percent of endpoints are mobile devices and are woefully under-protected. That’s a problem. Mobile security is more important than …

    • 0 replies
    • 0 views
  18. Guest Todd VanderArk

    In this difficult time, remote work is becoming the new normal for many companies around the world. Employees are using tools like Microsoft Teams to collaborate, chat, and connect in new ways to try to keep their businesses moving forward amidst the challenging global health crisis. I sincerely hope you and your families are staying safe and healthy. I have been talking with many of you about the impact today’s environment is having on your organizations. Business continuity is an imperative, and you must rely on your employees to stay connected and productive outside of the traditional digital borders of business. In doing so, identifying and managing potential risks…

    • 0 replies
    • 0 views
  19. Guest Todd VanderArk

    In these challenging times, it’s even more apparent that modern companies are managing a blended workforce that encompasses not only their full-time staff and customers but also their contractors, consultants, subsidiaries, suppliers, partners, and soon-to-be customers. Balancing friction-less collaboration and highly targeted engagement with privacy and security is not easy, but you don’t have to go it alone. Now more than ever, reusing rather than reinventing is critical. When it comes to connecting to business partners or your customers, consumers, or citizens, you don’t need to create an identity management solution from scratch—you can leverage cloud based identity and…

    • 0 replies
    • 0 views
  20. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    As the number of home-based workers has accelerated in the last few weeks, it’s introduced new challenges. You may want to expand the number and types of devices employees can use to access company resources. You need to support a surge in SaaS usage. And it’s important to adjust security policies to enable productivity from home, while keeping sensitive data secure. As you navigate these changes, turn to us for help. Microsoft Defender Advanced Threat Protection (ATP) customers can expect the following: Coverage for additional devices without requiring additional licenses. Guidance and support services to rapidly expand deployment. Proactive and reactive assistance…

    • 0 replies
    • 0 views
  21. Guest Todd VanderArk

    Recently, we published our first case report (001: …And Then There Were Six) by the Microsoft Detection and Response Team (DART). We received significant positive response from our customers and colleagues and our team has been getting inquiries asking for more reports. We are glad to share the DART Case Report 002: Full Operational Shutdown. In the report 002, we cover an actual incident response engagement where a polymorphic malware spread through the entire network of an organization. After a phishing email delivered Emotet, a polymorphic virus that propagates via network shares and legacy protocols, the virus shut down the organization’s core services. The virus a…

    • 0 replies
    • 0 views
  22. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    Zero Trust Assessment tool now live! With such a large influx of employees working remotely, many of the traditional network-based security controls are unable to protect the organization. For many organizations, there are two options: route all remote traffic through a strained legacy network architecture, resulting in poor performance and user productivity; or relax restrictions and risk losing protection, control, and visibility. Many organizations are turning to Zero Trust security framework to better support remote work and manage risk. The Zero Trust security framework helps organizations effectively meet these challenges by gating access to resources indivi…

    • 0 replies
    • 0 views
  23. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    Kubernetes, the most popular container orchestration system and one of the fastest-growing projects in the history of open source, becomes a significant part of many companies’ compute stack. The flexibility and scalability of containers encourage many developers to move their workloads to Kubernetes. While Kubernetes has many advantages, it also brings new security challenges that should be considered. Therefore, it is crucial to understand the various security risks that exist in containerized environments, and specifically in Kubernetes. The MITRE ATT&CK® framework is a knowledge base of known tactics and techniques that are involved in cyberattacks. Started wit…

    • 0 replies
    • 0 views
  24. Guest Eric Avena

    True to form, human-operated ransomware campaigns are always on prowl for any path of least resistance to gain initial access to target organizations. During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances. Unfortunately, one sector that’s particularly exposed to these attacks is healthcare. As part of intensified monitoring and takedown of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals. Now more than ever, hospitals need protecting fr…

    • 0 replies
    • 0 views
  25. Guest Todd VanderArk

    Despite much focus on increasing the number of women in cybersecurity, as an industry we are still falling short. For many companies the problem starts with the tech pipeline—there just aren’t enough resumes from qualified female candidates. But I think the real problem is that our definition of qualified is too narrow. It’s so narrow that many women and people from other underrepresented backgrounds don’t identify with cybersecurity. And it limits our ability to evaluate potential defenders. Hiring managers too often reject excellent candidates who don’t check all the boxes. At Fortalice, we do things differently, and as a result nearly 40 percent of our team are women. …

    • 0 replies
    • 0 views