Microsoft Support & Discussions

Today, I'm excited to announce the private preview of Update Staging Lab, a service that allows independent software vendors (ISVs) to accelerate application validation against pre-release builds of Windows security updates. This service enables highly engaged collaboration between ISV partners and Microsoft enabling joint deployment, validation, and remediation. In addition to the strong application compatibility posture of Windows 10 (customer data from Desktop App Assure has shown a 99.8% success rate), we recognize that there is opportunity with our ISV ecosystem to improve “day one” support for your critical applications after installing a Windows update. That's w…

The world of Windows deployment continues to evolve, making it easier and faster for you to upgrade to Windows and stay current with the latest feature updates and monthly updates. There’s so much to see and do at Microsoft Ignite this year, but the good news is that breakout and theater sessions will be streamed live—and available on demand after the event. Simply visit MyIgnite and sign in with the account you used to register for the event to browse the session catalog and attend any session virtually. Can’t attend in person this year? Not a problem, visit MyIgnite and sign in with your Tech Community account to access daily live streams featuring a pre-show and end-of…

The Azure security team is pleased to announce that the Azure Security Benchmark v1 (ASB) is now available. ASB is a collection of over 90 security best practices recommendations you can employ to increase the overall security and compliance of all your workloads in Azure. The ASB controls are based on industry standards and best practices, such as Center for Internet Security (CIS). In addition, ASB preserves the value provided by industry standard control frameworks that have an on-premises focus and makes them more cloud centric. This enables you to apply standard security control frameworks to your Azure deployments and extend security governance practices to the c…

While digital transformation is critical to business innovation, delivering security to cloud-first, mobile-first architectures requires rethinking traditional network security solutions. Some businesses have been successful in doing so, while others still remain at risk of very costly breaches. MAN Energy Solutions, a leader in the marine, energy, and industrial sectors, has been driving cloud transformation across their business. As with any transformation, there were challenges—as they began to adopt cloud services, they quickly realized that the benefits of the cloud would be offset by poor user experience, increasing appliance and networking costs, and an expanded…

Today, we concluded an investigation into a misconfiguration of an internal customer support database used for Microsoft support case analytics. While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking … Access Misconfiguration for Customer Support Database Read More » The post Access Misconfiguration for Customer Support Database appeared first on Microsoft Security Response Center. Continue reading...

sLoad, the PowerShell-based Trojan downloader notable for its almost exclusive use of the Windows BITS service for malicious activities, has launched version 2.0. The new version comes on the heels of a comprehensive blog we published detailing the malware’s multi-stage nature and use of BITS as alternative protocol for data exfiltration and other behaviors. With the new version, sLoad has added the ability to track the stage of infection on every affected machine. Version 2.0 also packs an anti-analysis trick that could identify and isolate analyst machines vis-à-vis actual infected machines. We’re calling the new version “Starslord” based on strings in the malware…

With high levels of political unrest in various parts of the world, it’s no surprise we’re also in a period of increased cyber threats. In the past, a company’s name, political affiliations, or religious affiliations might push the risk needle higher. However, in the current environment any company could be a potential target for a cyberattack. Companies of all shapes, sizes, and varying security maturity are asking what they could and should be doing to ensure their safeguards are primed and ready. To help answer these questions, I created a list of actions companies can take and controls they can validate in light of the current level of threats—and during any period of…

In Changing the monolith—Part 1: Building alliances for a secure culture, I explored how security leaders can build alliances and why a commitment to change must be signaled from the top. But whose support should you recruit in the first place? In Part 2, I address considerations for the cybersecurity team itself, the organization’s business leaders, and the employees whose buy-in is critical. Build the right cybersecurity team It could be debated that the concept of a “deep generalist” is an oxymoron. The analogy I frequently find myself making is you would never ask a dermatologist to perform a hip replacement. A hip replacement is best left to an orthopedic sur…

Modern software development practices often involve building applications from hundreds of existing components, whether they’re written by another team in your organization, an external vendor, or someone in the open source community. Reuse has great benefits, including time-to-market, quality, and interoperability, but sometimes brings the cost of hidden complexity and risk. You trust your engineering team, but the code they write often accounts for only a tiny fraction of the entire application. How well do you understand what all those external software components actually do? You may find that you’re placing as much trust in each of the thousands of contributors to…

On January 14, 2020, Windows Server 2008 and 2008 R2 went end of support. This means that security updates will not be available to workloads available for this version of Windows Server and customers can be vulnerable to security and compliance issues. If you’re still running Windows Server 2008 or 2008 R2, there are a few options for you to secure your workloads. They include migrating to Azure and taking advantage of three years of extended security updates, upgrading to a later version of Windows Server, or you can remain on-premises and connect to Azure through Windows Admin Center. You can also bring Windows Server licenses to Azure with Azure Hybrid Benefit. Rea…

Following the first Security Researcher Quarterly Leaderboard we published in October 2019, we are excited to announce the MSRC Q4 2019 Security Researcher Leaderboard, which shows the top contributing researchers for the last quarter. In each quarterly leaderboard, we recognize the security researchers who ranked at or above the 95th percentile line based on the … Announcing MSRC 2019 Q4 Security Researcher Leaderboard Read More » The post Announcing MSRC 2019 Q4 Security Researcher Leaderboard appeared first on Microsoft Security Response Center. Continue reading...

Another day, another data breach. If the regular drumbeat of leaked and phished accounts hasn’t persuaded you to switch to Multi-Factor Authentication (MFA) already, maybe the usual January rush of ‘back to work’ password reset requests is making you reconsider. When such an effective option for protecting accounts is available, why wouldn’t you deploy it straight away? The problem is that deploying MFA at scale is not always straightforward. There are technical issues that may hold you up, but the people side is where you have to start. The eventual goal of an MFA implementation is to enable it for all your users on all of your systems all of the time, but you won’t b…

In two recent posts I discussed with Circadence the increasing importance of gamification for cybersecurity learning and how to get started as a practitioner while being supported by an enterprise learning officer or security team lead. In this third and final post in the series, Keenan and I address more advanced SecOps scenarios that an experienced practitioner would be concerned with understanding. We even show how Circadence and Microsoft help seasoned practitioners defend against some of the most prevalent and advanced attackers we see across industries. Here are more of Keenan’s insights from our Q&A: Q: Keenan, thanks for sharing in this digital conversat…

The January security updates include several Important and Critical security updates. As always, we recommend that customers update their systems as quickly as practical. Details for the full set of updates released today can be found in the Security Update Guide. We believe in Coordinated Vulnerability Disclosure (CVD) as proven industry best practice to address security vulnerabilities. Through a partnership … January 2020 Security Updates: CVE-2020-0601 Read More » The post January 2020 Security Updates: CVE-2020-0601 appeared first on Microsoft Security Response Center. Continue reading...

We have released the January security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of … January 2020 security updates are available! Read More » The post January 2020 security updates are available! appeared first on Microsoft Security Response Center. Continue reading...

We are excited to announce the Microsoft Identity Research Project Grant a new opportunity in partnership with the security community to help protect Microsoft customers. This project grant awards up to $75,000 USD for approved research proposals that improve the security of the Microsoft Identity solutions in new ways for both Consumers (Microsoft Account) and Enterprise (Azure Active Directory). The post Announcing the Microsoft Identity Research Project Grant appeared first on Microsoft Security Response Center. Continue reading...

Any modern security expert can tell you that we’re light years away from the old days when firewalls and antivirus were the only mechanisms of protection against cyberattacks. Cybersecurity has been one of the hot topics of boardroom conversation for the last eight years, and has been rapidly increasing to higher priority due to the size and frequency of data breaches that have been reported across all industries and organizations. The security conversation has finally been elevated out of the shadows of the IT Department and has moved into the executive and board level spotlights. This has motivated the C-teams of organizations everywhere to start asking hard question…

For governments to function, the flow of data on a massive scale is required—including sensitive information about critical infrastructure, citizens, and public safety and security. The security of government information systems is subject to constant attempted attacks and in need of a modern approach to cybersecurity. Microsoft 365 provides best-in-class productivity apps while protecting identities, devices, applications, networks, and data. With Microsoft 365 security services, governments can take confident steps to adopt a Zero Trust security model where all users and devices—both inside and outside the network—are deemed untrustworthy by default and the same secu…

As members of Microsoft’s Detection and Response Team (DART), we’ve seen a significant increase in adversaries “living off the land” and using compromised account credentials for malicious purposes. From an investigation standpoint, tracking adversaries using this method is quite difficult as you need to sift through the data to determine whether the activities are being performed by the legitimate user or a bad actor. Credentials can be harvested in numerous ways, including phishing campaigns, Mimikatz, and key loggers. Recently, DART was called into an engagement where the adversary had a foothold within the on-premises network, which had been gained through compromi…

[ATTACH=full]17769[/ATTACH]