
Microsoft Support & Discussions

Microsoft Windows, Windows Server software, Microsoft 365, Microsoft Azure or any other Microsoft product discussions and help.

  1. Guest Todd VanderArk

    This is the first in a blog series discussing the tools, techniques, and procedures that the Microsoft Detection and Response Team (DART) use to investigate cybersecurity incidents at our customer organizations. Today, we introduce the team and give a brief overview of each of the tools that utilize the power of the cloud. In upcoming posts, we’ll cover each tool in-depth and elaborate on techniques and procedures used by the team. Key lessons learned from DART’s investigation evolution DART’s investigation procedures and technology have evolved over 14 years of assisting our customers during some of the worst hack attacks on record. Tools have evolved from primar…

    • 0 replies
    • 0 views
  2. Guest MSRC Team
    Started by Guest MSRC Team,

    Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone. We are also happy … The post BlueHat Seattle videos are online! appeared first on Microsoft Security Response Center.

    • 0 replies
    • 0 views
  3. Started by Cloaked,

    Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone.

    • 0 replies
    • 1 view
  4. Guest MSRC Team
    Started by Guest MSRC Team,

    We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of … The post November 2019 security updates are available! appeared first on Microsoft Security Response Center.

    • 0 replies
    • 0 views
  5. We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of extended support and no longer receiving updates as of January 14, 2020.

    • 0 replies
    • 1 view
  6. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    Zero Trust has managed to both inspire and confuse the cybersecurity industry at the same time. A significant reason for the confusion is that Zero Trust isn’t a specific technology, but a security strategy (and arguably the first formal strategy, as I recently heard Dr. Chase Cunningham, Principal Analyst at Forrester, aptly point out). Microsoft believes that the Zero Trust strategy should be woven throughout your organization’s architectures, technology selections, operational processes, as well as throughout the culture of your organization and mindset of your people. Zero Trust will build on many of your existing security investments, so you may already hav…

    • 0 replies
    • 0 views
  7. Guest Eric Avena
    Started by Guest Eric Avena,

    On November 2, 2019, security researcher Kevin Beaumont reported that his BlueKeep honeypot experienced crashes and was likely being exploited. Microsoft security researchers collaborated with Beaumont as well as another researcher, Marcus Hutchins, to investigate and analyze the crashes and confirm that they were caused by a BlueKeep exploit module for the Metasploit penetration testing framework. BlueKeep is what researchers and the media call CVE-2019-0708, an unauthenticated remote code execution vulnerability in Remote Desktop Services on Windows 7, Windows Server 2008, and Windows Server 2008 R2. Microsoft released a security fix for the vulnerability on May 14, …

    • 0 replies
    • 0 views
  8. Guest MSRC Team
    Started by Guest MSRC Team,

    This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in this process, and the future of Rust adoption in Microsoft. If you want to talk with … The post Using Rust in Windows appeared first on Microsoft Security Response Center.

    • 0 replies
    • 0 views
  9. Started by Cloaked,

    This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in this process, and the future of Rust adoption in Microsoft. If you want to talk with some of the people working on how Microsoft is evolving its code practices for better security, be sure to attend the keynote and talk to Ryan and Sebastian afterwards!

    • 0 replies
    • 1 view
  10. Guest swiat
    Started by Guest swiat,

    In two previous blog posts (part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of the … The post Vulnerability hunting with Semmle QL: DOM XSS appeared first on Microsoft Security Response Center.

    • 0 replies
    • 0 views
  11. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    The infrastructure, data, and apps built and run in the cloud are the foundational building blocks for a modern business. No matter where you are in your cloud journey, you likely utilize every layer of the cloud—from infrastructure as a service (IaaS) to platform as a service (PaaS) to software as a service (SaaS). You also may take advantage of services from several cloud and app providers. Many organizations operate a cross-cloud environment, but it can complicate security. A fragmented view of your cloud environment limits opportunities to holistically improve your security posture. It can also lead to missed threats and SecOps burnout. To address these challenges,…

    • 0 replies
    • 1 view
  12. In two previous blog posts (part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of the most common types of client-side vulnerabilities: DOM-based cross-site scripting (XSS).

    • 0 replies
    • 1 view
  13. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    Today, many organizations still struggle to adhere to General Data Protection Regulation (GDPR) mandates even though this landmark regulation took effect nearly two years ago. A key learning for some: being compliant does not always mean you are secure. Shifting privacy regulations, combined with limited resources like budgets and talent shortages, add to today’s business complexities. I hear this concern time and again as I travel around the world meeting with our customers to share how Microsoft can empower organizations successfully through these challenges. Most recently, I sat down with Emma Smith, Global Security Director at Vodafone Group to talk about their own…

    • 0 replies
    • 1 view
  14. Guest Todd VanderArk

    Just a month ago, I communicated the details about Azure Sentinel reaching general availability. Since then, many customers have shared how Azure Sentinel has empowered their teams to be nimble and more efficient. ASOS, one of the largest online fashion retailers, is an excellent example of this. Using Azure Sentinel, ASOS has created a bird’s-eye view of everything it needs to spot threats early, allowing it to safeguard its business and its customers proactively. As a result, it has cut issue resolution times in half. Learn more about how ASOS has benefitted from Azure Sentinel. I am thrilled to come back and share new features available in preview starting t…

    • 0 replies
    • 0 views
  15. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    Sometimes an idea sparks, and it feels so natural, so organic, that it takes on a life of its own and surprises you by how fast it grows. The Microsoft Intelligent Security Association (MISA) was one of these ideas. It was born out of a desire to be easy to do business with and be a better partner to our security peers—providing a single contact for all products in MISA, which reduces administrative work and serves as a central place for introductions to other engineering teams when you’re ready to build more integrations with Microsoft Security. In the spring of 2018, MISA launched with 26 founding partners, which included pivotal companies like Check Point, Zscaler, …

    • 0 replies
    • 0 views
  16. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    Legacy infrastructure. Bolted-on security solutions. Application sprawl. Multi-cloud environments. Company data stored across devices and apps. IT and security resource constraints. Uncertainty of where and when the next attack or leak will come, including from the inside. These are just a few of the things that keep our customers up at night. When security is only as strong as your weakest link and your environments continue to expand, there’s little room for error. The challenge is real: in this incredibly complex world, you must prevent every attack, every time. Attackers must only land their exploit once. They have the upper hand. To get that control back, we must …

    • 0 replies
    • 1 view
  17. Guest Todd VanderArk

    Today, at the Microsoft Ignite Conference, we’re announcing new innovations designed to help customers across their security, compliance, and identity needs. With so much going on at Ignite this week, I want to highlight the top 10 announcements: Azure Sentinel—We’re introducing new connectors in Azure Sentinel to help security analysts collect data from a variety of sources, including Zscaler, Barracuda, and Citrix. In addition, we’re releasing new hunting queries and machine learning-based detections to assist analysts in prioritizing the most important events. Insider Risk Management in Microsoft 365—We’re announcing a new insider risk management solution in Micro…

    • 0 replies
    • 1 view
  18. Guest Todd VanderArk
    Started by Guest Todd VanderArk,

    Zero Trust is a security model that I believe can begin to turn the tide in the cybersecurity battles. Traditional perimeter-based network security has proved insufficient because it assumes that if a user is inside the corporate perimeter, they can be trusted. We’ve learned that this isn’t true. Bad actors use methods like password spray and phishing to take advantage of a workforce that must remember too many usernames and passwords. Once behind the corporate firewall, a malicious user can often move freely, gaining higher privileges and access to sensitive data. We simply can’t trust users based on a network as the control plane. The good news is that there is a sol…

    • 0 replies
    • 1 view
  19. Guest Todd VanderArk

    In Gartner’s third annual Magic Quadrant for Cloud Access Security Brokers (CASB), Microsoft was named a Leader based on its completeness of vision and ability to execute in the CASB market. Microsoft was also identified as strongest in execution. Gartner led the industry when they defined the term CASB in 2012. We believe their report points out a key fact for the market, that Microsoft currently has the largest customer base of all participating vendors. We believe that this, along with being ranked as a Leader, reflects our continued commitment to building the best possible solution for our customers and our goal to find innovative ways of helping them better protec…

    • 0 replies
    • 1 view
  20. Guest Eric Avena

    Microsoft Threat Experts is the managed threat hunting service within Microsoft Defender Advanced Threat Protection (ATP) that includes two capabilities: targeted attack notifications and experts on demand. Today, we are extremely excited to share that experts on demand is now generally available and gives customers direct access to real-life Microsoft threat analysts to help with their security investigations. With experts on demand, Microsoft Defender ATP customers can engage directly with Microsoft security analysts to get guidance and insights needed to better understand, prevent, and respond to complex threats in their environments. This capability was shaped t…

    • 0 replies
    • 1 view
  21. Guest Todd VanderArk

    Today, at the IoT Solutions World Congress, we announced that Azure Sphere will be generally available in February of 2020. General availability will mark our readiness to fulfill our security promise at scale, and to put the power of Microsoft’s expertise to work for our customers every day—by delivering over a decade of ongoing security improvements and OS updates delivered directly to each device. Since we first introduced Azure Sphere in 2018, the IoT landscape has quickly expanded. Today, there are more connected things than people in the world: 14.2 billion in 2019, according to Gartner, and this number is expected to hit 20 billion by 2020. Although this number …

    • 0 replies
    • 1 view
  22. Guest MSRC Team
    Started by Guest MSRC Team,

    We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent (complete with toasted marshmallows). Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising correlations between vuln severity, age, and time to … The post Time for day 2 of briefings at BlueHat Seattle! appeared first on Microsoft Security Response Center.

    • 0 replies
    • 2 views
  23. We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent (complete with toasted marshmallows). Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising correlations between vuln severity, age, and time to fix, and we saw applications for machine learning for malware detection—as well as some of the attack surface for machine learning and how to protect it.

    • 0 replies
    • 1 view
  24. Guest MSRC Team
    Started by Guest MSRC Team,

    We’ve finished two incredible days of security trainings at the Living Computer Museum in Seattle. Now it’s time for the second part of BlueHat: the briefings at ShowBox SoDo. We’ve got a big day planned, so head on down. Please join us for breakfast (we have doughnuts! and bacon! and cereal!) when the doors open … The post Welcome to the second stage of BlueHat! appeared first on Microsoft Security Response Center.

    • 0 replies
    • 2 views
  25. Started by Cloaked,

    We’ve finished two incredible days of security trainings at the Living Computer Museum in Seattle. Now it’s time for the second part of BlueHat: the briefings at ShowBox SoDo. We’ve got a big day planned, so head on down. Please join us for breakfast (we have doughnuts! and bacon! and cereal!

    • 0 replies
    • 1 view