Microsoft Support & Discussions

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

This blog post was authored by Dianna Marks, Product Marketing Manager, Windows Server Marketing. At the Windows Server Summit in May, Cosmos Darwin and Greg Cusanza from the Windows Server team presented a lightning round all about hyperconverged infrastructure (HCI) powered by Windows Server. If you havent had a chance to watch the event, check out the recording of the live stream and deep dive sessions by registering online. Its quick and free. Here are the 25 things they presented in the lightning round: 1. Azure Stack HCI Catalog Available for purchase right now, there are over 75 Azure Stack HCI solutions from over 15 partners. Check out the Azure …

Hi, My 'Patch Tuesday' updates for May downloaded and installed with no issues. However, the latest issue of a computer mageazine to which I subscribe included a small article on a security issue for which Microsoft had released updates. Both the article and information I found on-line was unclear as to whether or not I need to do anything. My system is Windows 7 SP1 64bit. Microsoft have released two updates concerning the potential security issue: they are KB4499164 which is the monthly roll-up and which was included in the 'Patch Tuesday' updates so is already on my system and KB4499175 described as 'Security only' and is not on my system. What I am unsure a…

• 2 replies
• 695 views
• 1 follower

Kick replied June 3, 20195 yr

Earlier this week BlueHat Shanghai brought together security researchers and hundreds of cybersecurity professionals from China and across Asia to explore the latest topics in cybersecurity research. Including presentations from Qihoo 360, Baidu, Alibaba and the Chinese Academy of Sciences, BlueHat Shanghai highlighted incredibly talented Chinese researchers and focused on cutting edge topics including container and IoT security. In the conference kick off, Eric Doerr (General Manager, MSRC) shared how researchers in China have helped protect Microsoft customers over the last year by reporting high impact vulnerabilities under Coordinated Vulnerability Disclosure. M…

Earlier this week BlueHat Shanghai brought together security researchers and hundreds of cybersecurity professionals from China and across Asia to explore the latest topics in cybersecurity research. Including presentations from Qihoo 360, Baidu, Alibaba and the Chinese Academy of Sciences, BlueHat Shanghai highlighted incredibly talented Chinese researchers and focused on cutting edge topics including container and IoT security.

On May 14, Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. In our previous blog post on this topic we warned that the vulnerability is ‘wormable’, and that future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.

There are many dedicated people and organizations who contribute to the protection and security of our common customers. For years, Microsoft has recognized security researchers for helping protect the ecosystem. Now, we’re announcing the launch of a new program to better recognize and thank Microsoft Active Protections Program (MAPP) partners for all they do to protect our customers, including awards and evangelism based on their contributions. MAPP provides better protections for customers through: Early access to monthly security release information, allowing partners to proactively apply protections prior to the release date Sharing of threat indicators Repor…

There are many dedicated people and organizations who contribute to the protection and security of our common customers. For years, Microsoft has recognized security researchers for helping protect the ecosystem. Now, we’re announcing the launch of a new program to better recognize and thank Microsoft Active Protections Program (MAPP) partners for all they do to protect our customers, including awards and evangelism based on their contributions.

The Microsoft Security Response Center (MSRC) works to assess vulnerabilities that are externally reported to us as quickly as possible, but time can be lost if we have to confirm details of the repro steps or environment with the researcher to reproduce the vulnerability. Microsoft has made our “Time Travel Debugging” (TTD) tool publicly available to make it easy for security researchers to provide full repro, shortening investigations and potentially contributing to higher bounties (see “Report quality definitions for Microsoft’s Bug Bounty programs”).

This blog post was authored by Dianna Marks, Product Marketing Manager, Windows Server Product Marketing. Windows Server Summit 2019 is just two days away and we already have over 8,500 registered to attend. Thats a record in Windows Server Summit virtual event registrations to date! Register now and tell your friends and colleagues about it because you dont want to miss it. Weve spent hundreds of hours creating never-before-seen Windows Server demos and content that will be delivered to you by our rock star presenters. What do we have in store for you? These demo-rich sessions will be jam-packed with all the latest and greatest in Windows Server of course! That in…

Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely t…

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Continue reading...

Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

This blog post was authored by Dianna Marks, Product Marketing Manager, Windows Server Marketing. HCI is all the buzz nowadays! What exactly is HCI? Spelled out its hyperconverged infrastructure, also referred to as the software defined data center (SDDC). It allows companies to run their storage, networking, and compute with lowered capital expenditure (CAPEX) and operating expenses (OPEX) since storage and networking are software-defined and dont require the same amount of hardware and level of management. HCI offers centralized management, which is great for many types of environments including development and product workloads. Also, now that there is no storage …

Source: Update Regarding Add-ons in Firefox

This blog post was authored by Dianna Marks, Product Marketing Manager, Windows Server Marketing. Youve been hearing about all the great innovations in Windows Server 2019. Weve also been working to enhance how we manage your Windows Server environment, and well be showing you more at the upcoming Windows Server Summit 2019. Windows servers can be managed in multiple ways based on your need We know that you need to manage both individual servers and servers at scale. We also know that each customer is at a different stage in their hybrid journey, so we provide scaled management tools centered in on-premises and scaled management tools for hybrid management in…

This blog post was authored by Dianna Marks, Product Marketing Manager, Azure Marketing. Its that time of the year again! Spring is in the air and Windows Server Summit is right around the corner. On May 22nd at Windows Server Summit 2019 you can discover how Windows Server can help you deliver your hybrid cloud strategy as well as gain tips on how to modernize your evolving infrastructure. The great thing about Windows Server Summit is that you can attend from anywhere in the world since it is all virtual just kick up your feet and hit the link to join. This year expect to deep dive in to technical Windows Server content covered by leading industry experts. Som…

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Tags Security Advisory Security Update Update Tuesday Continue reading...

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Tags Security Advisory Security Update Update Tuesday

In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research community. Faster bounty review – As of January 2019, the Cloud, Windows, and Azure DevOps programs now award bounties upon completion of reproduction and assessment of each submission, rather than waiting until the final fix has been determined. Shortening the time from submission to award determination is just one way we will get bounty rewards to researchers faster. …

In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research community. Faster bounty review – As of January 2019, the Cloud, Windows, and Azure DevOps programs now award bounties upon completion of reproduction and assessment of each submission, rather than waiting until the final fix has been determined.

The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center (MSRC) are using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we’ve been using it proactively, covering a security audit of an Azure firmware component. This was part of a wider defense in depth security review of Azure services, exploring attack vectors from the point of view of a hypothetical adversary who has already penetrated at least one security boundary, and now sits in the operating environment of a service backend (marked with * on the diagram below).