Microsoft Support & Discussions

Microsoft Windows, Windows Server software, Microsoft 365, Microsoft Azure or any other Microsoft product discussions and help.

  1. Guest Emma Jones

    Today on the Official Microsoft Blog, Microsoft announced the acquisition of CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management (CIEM). CloudKnox offers complete visibility into privileged access. It helps organizations right-size permissions and consistently enforce least-privilege principles to reduce risk, and it employs continuous analytics to help prevent security breaches and ensure compliance. The acquisition further enables Microsoft Azure Active Directory (Azure AD) customers with granular visibility, continuous monitoring, and automated remediation for hybrid and multi-cloud permissions. As the corporate network perimeter disappears, …

    • 0 replies
    • 1 view
  2. Guest Emma Jones
    Started by Guest Emma Jones,

    Note: The content of this post is being released jointly with the Center for Threat-Informed Defense. It is co-authored with Chris Ante and Matthew Bajzek. The Center post can be found here. As containers become a major part of many organizations’ IT workloads, it becomes crucial to consider the unique security threats that target such environments when building security solutions. The first step in this process is understanding the relevant attack landscape. The MITRE ATT&CK® team has received frequent questions from the community about if or when ATT&CK would include coverage for adversary behavior in containers. Previous iterations of ATT&CK have incl…

    • 0 replies
    • 2 views
  3. Guest Chris Morrissey
    Started by Guest Chris Morrissey,

    As we advance towards general availability of Windows 11 this holiday, we thought it was a good time for a refresher on Windows monthly quality updates. Windows monthly quality updates help you stay productive and protected. They provide consumers and IT administrators alike with the security fixes they need to protect devices before unpatched vulnerabilities can potentially be exploited. Monthly quality updates are cumulative and include all previously released fixes to guard against fragmentation of the operating system (OS), which can lead to reliability and vulnerability issues when only a subset of fixes is installed. To ensure that this information is easy to fin…

    • 0 replies
    • 1 view
  4. Guest Dawn Thomas
    Started by Guest Dawn Thomas,

    The Security Update Validation Program (SUVP) is a quality assurance testing program geared toward Microsoft's monthly security update release, which occurs every second Tuesday (also referred to as Update Tuesday or Patch Tuesday). SUVP partners test these security updates prior to Update Tuesday and provide us with feedback regarding usability, bug reports, test reports, etc. OK, so no worms here, but you can certainly be the early bird when it comes to testing security updates—three weeks before they go live on Update Tuesday! How? By joining the Security Update Validation Program. This post helps familiarize you with the SUVP and offers answers to common questio…

    • 0 replies
    • 1 view
  5. Guest Joe Lurie
    Started by Guest Joe Lurie,

    Today, we are announcing exciting plans that bring together the management capabilities of Microsoft Endpoint Manager, the new Microsoft Store, and the flexibility of Windows Package Manager. These plans enhance the new Microsoft Store experience that is coming soon to both Windows 11 and Windows 10. Your suggestions matter You told us you wanted a way to control which apps and games were being downloaded by the users in your organization. We created the Microsoft Store for Business and Microsoft Store for Education, enabling you to make specific apps available in your own private store. We linked the Microsoft Store for Business and Microsoft Store for Education …

    • 0 replies
    • 1 view
  6. Guest Kay_Toma
    Started by Guest Kay_Toma,

    Update Health Tools enable the Windows Update for Business deployment service feature for expediting Windows 10 security updates using Microsoft Endpoint Manager. Update Health Tools run a tiny component that receives the expedite command from the deployment service, enabling devices to start updating right away, faster than default or existing configured settings. Update Health Tools are automatically deployed to devices connected to Windows Update. You can also manually deploy Update Health Tools, which is the purpose for today's post. Before manually deploying Update Health Tools First, if Update Health Tools have not been automatically deployed to your devic…

    • 0 replies
    • 3 views
  7. Guest Lynn Miyashita
    Started by Guest Lynn Miyashita,

    We are pleased to announce the addition of Microsoft Teams mobile applications to the Microsoft Applications Bounty Program. Through the expanded program we welcome researchers from across the globe to seek out and disclose any high impact security vulnerabilities they may find in Teams mobile applications to help secure customers. Rewards up to $30,000 USD … Introducing Bounty Awards for Teams Mobile Applications Security Research

    • 0 replies
    • 1 view
  8. We are pleased to announce the addition of Microsoft Teams mobile applications to the Microsoft Applications Bounty Program. Through the expanded program we welcome researchers from across the globe to seek out and disclose any high impact security vulnerabilities they may find in Teams mobile applications to help secure customers. Rewards up to $30,000 USD are available for eligible submissions.

    • 0 replies
    • 13 views
  9. Guest Lynn Miyashita
    Started by Guest Lynn Miyashita,

    We’re excited to announce the top contributing researchers for the 2021 Second Quarter (Q2)! Congratulations to all the researchers recognized in this quarter’s leaderboard and thank you to everyone who continues to help secure our customers and the ecosystem. The top three researchers of the 2021 Q2 Security Researcher Leaderboard are: Yuki Chen (765 points), … Announcing the Top MSRC 2021 Q2 Security Researchers – Congratulations!

    • 0 replies
    • 0 views
  10. Guest Eric Avena

    The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensive actors are private companies that manufacture and sell cyberweapons in hacking-as-a-service packages, often to government agencies around the world, to hack into their targets’ computers, phones, network infrastructure, and other devices. With these hacking packages, usually the government agencies choose the targets and run the actual operations themselves. The tools, …

    • 0 replies
    • 1 view
  11. We’re excited to announce the top contributing researchers for the 2021 Second Quarter (Q2)! Congratulations to all the researchers recognized in this quarter’s leaderboard and thank you to everyone who continues to help secure our customers and the

    • 0 replies
    • 13 views
  12. Guest Eric Avena

    Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the current state of consent phishing emails as an initial attack vector and what security administrators can do to prevent, detect, and respond to these threats using advanced solutions like Microsoft Defender for Office 365. Consent phishing attacks aim to trick users into granting permissions to malicious cloud apps in order to gain access to user’s legitimate cloud services. The c…

    • 0 replies
    • 1 view
  13. Guest Emma Jones
    Started by Guest Emma Jones,

    This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA. Welcome to fiscal year 2022 (FY22) and my first official blog as the MISA Lead. It’s been a whirlwind couple of months getting up to speed with all things MISA—closing out FY21 while continuing to build on the great foundation my predecessor laid out as I strategize where to go from here. More to come on that, but first let’s take a moment to reflect and celebrate what MISA and our members have accomplished over the past year and take a sneak peek into what’s next. MISA saw fantastic growth in FY21, having grown to more than 246 member companies,…

    • 0 replies
    • 1 view
  14. Guest Emma Jones
    Started by Guest Emma Jones,

    As I reflect on my first year at Microsoft, it was both challenging and exceptional: from my remote onboarding in the middle of a pandemic to dramatic changes in the cyber landscape, to Microsoft’s critical role as a frontline responder in some of the most sophisticated cyberattacks in history and leading the security industry. Our world is changing, and Microsoft Security is rising to the challenges of a new normal. I am thrilled and humbled by the milestones we achieved this past year. We surpassed $10 billion in security business revenue, representing more than 40 percent year-over-year growth, and were recognized as a leader in five Gartner Magic Quadrants and seve…

    • 0 replies
    • 1 view
  15. Guest Monojit Bhattacharya
    Started by Guest Monojit Bhattacharya,

    Customers trust Windows Server to run their business-critical and mission-critical workloads. With feedback from customers, we are continuing to introduce new innovations for Windows Server workloads on Azure, on-premises, and at the edge. Recently, we announced Windows Server 2022 preview, which introduces advanced multi-layer security, hybrid capabilities, and enhancements to modernize applications with containers. Likewise, we have introduced a number of enhancements such as Azure Automanage for Windows Server and Windows Admin Center in Azure for Windows Server on Azure. As we introduce many innovations for Windows Server, support for older versions along with secu…

    • 0 replies
    • 1 view
  16. Guest Scott Manchester
    Started by Guest Scott Manchester,

    As you've hopefully heard by now, this morning we announced the introduction of a new service that takes the venerable Windows operating system to the Microsoft cloud. I'm proud to introduce you to Windows 365, and to the new Tech Community we've created for it. Windows 365 streams a full, personalized Windows experience to end users–including their apps, content, and settings–to any device. Unlike traditional virtual desktop infrastructure (VDI), it does this by leveraging the same skills and tools you already use to deploy and manage physical PCs, at a predictable per-user, per-month price. Windows 365 delivers a Windows 10 or Windows 11 (when generally available) pe…

    • 0 replies
    • 1 view
  17. Guest Eric Avena

    Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures. The vulnerability being exploited is CVE-2021-35211, which was recently patched by SolarWinds. The vulnerability, which Microsoft reported to SolarWinds, exists in Serv-U’s implementation of the Secure Shell (SSH) protocol. If Serv-U’s SSH is exposed to the internet, successful exploitation would give attackers the ability to remotely ru…

    • 0 replies
    • 1 view
  18. Guest Eric_VanAelstyn
    Started by Guest Eric_VanAelstyn,

    Whether you're new to IE mode or are already planning for it, here's a closer look at what's going on under the hood and a sneak peek at enhancements to come. A month ago, we announced that the future of Internet Explorer (IE) on Windows 10 is in Microsoft Edge and that the Internet Explorer 11 (“IE11”) desktop application will retire and go out of support on June 15, 2022, for certain versions of Windows 10. At the core of this announcement is Microsoft Edge and its dual engine advantage that brings the web together—both modern and legacy—into a single browser experience. Side by side in Microsoft Edge are the Chromium engine to open modern websites and Internet Explo…

    • 0 replies
    • 1 view
  19. Guest Emma Jones

    Organizations are increasingly using the cloud to reimagine every facet of their business. Hybrid work has accelerated this digital transformation, and customers are challenged with the increasing sophistication and frequency of cyberattacks. Today, Microsoft is announcing that we have entered into a definitive agreement to acquire RiskIQ, a leader in global threat intelligence and attack surface management, to help our shared customers build a more comprehensive view of the global threats to their businesses, better understand vulnerable internet-facing assets, and build world-class threat intelligence. As organizations pursue this digital transformation and embrace t…

    • 0 replies
    • 1 view
  20. Guest Mabel_Gomes
    Started by Guest Mabel_Gomes,

    We know you have a lot on your plate, and we want to help you manage Windows updates as effectively as possible. We continue to make investments in Windows release health on docs.microsoft.com based on your feedback and are happy to share that this experience is now available in 10 languages! Localization was one of the top requests from last year's survey about the Windows release health experience on Docs. (And you can keep sharing what you like and don’t like on this year’s survey.) As a result, you can now access information about the status of issues, safeguard holds, lifecycle, and feature rollouts in the most requested languages: French (France), German, Spanish…

    • 0 replies
    • 2 views
  21. Guest MSRC Team

    On Tuesday July 6, 2021, Microsoft issued CVE-2021-34527 regarding a Windows Print Spooler vulnerability. Updates were released on July 6 and 7 which addressed the vulnerability for all supported Windows versions. We encourage customers to update as soon as possible. CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability. Following the out of band release … Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability

    • 0 replies
    • 2 views
  22. Guest MSRC Team
    Started by Guest MSRC Team,

    Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. Bug bounty programs are one part of this partnership. By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD), researchers continue to help us secure millions of customers. Over the past 12 months, Microsoft … Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards

    • 0 replies
    • 1 view
  23. Guest Emma Jones

    We’re pleased to announce that in its first year of inclusion in the Gartner Magic Quadrant report, Microsoft Azure Sentinel has been named a Visionary, where we were recognized for our completeness of vision for SIEM.1 Gartner has said that “cloud SIEM will be the future of how many organizations consume technology.”2 We wholeheartedly agree! Today, security teams are constantly asked to do more with less. They need to protect expanding digital estates, detect increasingly advanced threats through huge amounts of noise, and keep up with a massive backlog of investigations. Azure Sentinel is built from the ground up to be completely cloud-native, and it enables secu…

    • 0 replies
    • 2 views
  24. Partnering with the security research community is an important part of Microsoft’s holistic approach to defending against security threats. Bug bounty programs are one part of this partnership. By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD), researchers continue to help us secure millions of customers. Over the past 12 months, Microsoft awarded $13.

    • 0 replies
    • 13 views
  25. On Tuesday July 6, 2021, Microsoft issued CVE-2021-34527 regarding a Windows Print Spooler vulnerability. Updates were released on July 6 and 7 which addressed the vulnerability for all supported Windows versions. We encourage customers to update as soon as possible. CVE-2021-34527 - Windows Print Spooler Remote Code Execution Vulnerability. Following the out of band release (OOB) we investigated claims regarding the effectiveness of the security update and questions around the suggested mitigations.

    • 0 replies
    • 13 views