Microsoft Support & Discussions

Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorphiex botnet continues to maintain a large network of bots and generates wide-ranging malicious activities. These activities, which traditionally included extortion and spamming activities, have expanded to include cryptocurrency mining. From 2018, we also observed an increase in data exfiltration activities and ransomware delivery, with the bot installer observed to be distributing…

At Microsoft, we continuously collaborate with customers and the InfoSec community to learn more about the latest adversary tradecraft so that we can improve our detection strategies across all our security services. Even though those detections are already built into our products, and protecting customers today, we believe it is important for security researchers to go beyond alerts and detections to understand the underlying attack behaviors and technical implementation of adversary techniques. This also empowers others in the InfoSec community to better respond to investigations of related attacks. To help the broader security community with these efforts, we are relea…

On October 31, 2021, Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2) will no longer synchronize and download updates. WSUS is key to the Windows servicing process for many organizations. Whether being used standalone or as a component of other products, it provides a variety of useful features including automating the download and installation of Windows updates. Extended support for WSUS 3.0 SP2 ended on January 14, 2020, in alignment with the end of support dates for Windows Server 2008 SP2 and Windows Server 2008 R2. It is, however, still possible to synchronize and download updates from Microsoft using WSUS 3.0 SP2. WSUS relies on several diff…

As one of the leading solution providers for applications that manage business processes, SAP is the custodian for massive amounts of sensitive data in many of the biggest organizations in the world. Since these applications are business-critical, an SAP security breach can be catastrophic. Yet, protecting SAP applications is uniquely challenging. These systems are growing in complexity as organizations expand them beyond base capabilities. They are vulnerable not only to outside attacks, but also insider threats. What’s more, their complex nature means that threats can emerge across multiple modules, making cross-correlation especially important. It has been tradit…

I am thrilled to share that Forrester Research has named Microsoft Cloud App Security as a Leader in The Forrester Wave: Cloud Security Gateways, Q2 2021. Additionally, Microsoft received the highest score in the strategy category. People have increasingly used cloud apps to stay productive and connected during this challenging period. Organizations have accelerated the migration to the cloud to address their evolving needs. While the adoption of cloud apps offers a simple and cost-effective solution, it can also lead to a rise in shadow IT and creates an urgency to address new security and compliance requirements. Our continued innovation in Microsoft Cloud App Sec…

Windows 10, version 21H1 is now available through Windows Server Update Services (WSUS) and Windows Update for Business, and can be downloaded today from Visual Studio Subscriptions, the Software Download Center (via Update Assistant or the Media Creation Tool), and the Volume Licensing Service Center[1]. Today also marks the start of the 18-month servicing timeline for this H1 (first half of the calendar year) Semi-Annual Channel release. Windows 10, version 21H1 (also referred to as the Windows 10 May 2021 Update) offers a scoped set of improvements in the areas of security, remote access, and quality to ensure that your organization and your end users stay protected…

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in Mandiant’s ICS/OT Consulting practice and former engineer at Entergy, where he was a subject matter expert on transmission and distribution of supervisory control and data acquisition (SCADA) systems. In this blog, Chris shares best practices to help mitigate the security threats to operational technology (OT) environments. Natalia: What tools do you use to monitor and govern your …

As Vasu Jakkal recently shared, we are operating in the most sophisticated threat landscape ever seen, and coupled with the next great disruption—hybrid work—security is more challenging than ever. Protecting from external threats is only one part of the challenge, though. You also must protect from the inside out—another facet of “assume breach” in your Zero Trust approach. Insider risks can be malicious or inadvertent, but all impact your most important asset: your data. As our recent Work Trend Index showed, people are collaborating, chatting, emailing, and sharing in new ways and greater volume than ever before. Between February 2020 and February 2021, the time spe…

The cybersecurity landscape has fundamentally changed, as evidenced by large-scale, complex attacks like Nobelium, Hafnium, and more recently last week’s Colonial Pipeline attack, which signals that human-operated ransomware is on the rise. Hackers launch an average of 50 million password attacks every day—579 per second. Phishing attacks have increased. Firmware attacks are on the rise, and ransomware has become incredibly problematic. And while Microsoft intercepted and thwarted a record-breaking 30 billion email threats last year, our work is never done. We are now actively tracking 40 plus active nation-state actors and over 140 threat groups representing 20 cou…

We are operating in the most complex cybersecurity landscape we’ve ever seen. Sophisticated and determined attackers are the norm. And we all are preparing for the next great disruption—hybrid work. Security has never been more important, and as I shared in another Security blog today, it’s clearer than ever that a Zero Trust approach, which basically means you have to assume breach, will be critical to success. We’ve been listening and working closely with our customers around the world and rapidly innovating to help you to secure and protect your organizations. Today, I’d like to share some of our latest updates across security, compliance, identity, and management i…

As we prepare to ship version 1.0 of Windows Package Manager, we wanted to provide guidance on how to manage Windows Package Manager using Group Policy. We first announced the existence of Windows Package Manager at Microsoft Build in 2020. Designed to save you time and frustration, Windows Package Manager is a set of software tools that help automate the process of getting packages (applications) on Windows devices. Users can specify which apps they want installed and the Windows Package Manager does the work of finding the latest version (or the exact version specified) of that application and installing it on the user's Windows 10 device. Announcing Group Policy …

We are swiftly adapting to the lasting reality of a hybrid workforce, with the number of remote workers in the US expected to nearly double over the next five years, compared to pre-pandemic times. As a result, security teams are being challenged to rethink how to secure a growing and increasingly diverse portfolio of devices outside of the traditional boundaries of their organization. However, what has stayed constant during this time of change is the focus of adversaries to identify and take advantage of vulnerabilities that have been left unpatched or misconfigurations as a gateway to sensitive information. It stresses the need for a proactive approach to vulnerability…

Our mission to empower defenders and protect and secure organizations has never been more important to us. Over the last year, our customers have faced unpredictable challenges and nearly overnight have had to quickly adapt in the face of a new hybrid work environment, evolving sophistication and scope of threats, and global and economic uncertainty. The trust that customers have put into us through this journey has been humbling. No matter what the future holds, we are deeply committed to continuing to help customers prepare and adapt with security innovation that offers the best protection, detection, and response in their multi-cloud, multi-platform environments and em…

Today, organizations face an evolving threat landscape and an exponentially increasing attack surface. Email represents the primary attack vector for cybercrime, and security teams are in search of efficient and cost-effective means to minimize the risk of these threats and the impact they have on organizational productivity and innovation. We are proud to announce today that Microsoft is positioned as a leader in The Forrester Wave: Enterprise Email Security, Q2 2021¹, receiving among the highest scores in the strategy category. The Forrester Wave report evaluates enterprise email security solutions and provides a detailed overview of the current offering, strategy, a…

Cybercriminals continue to target businesses to trick recipients into approving payments, transferring funds, or, in this case, purchasing gift cards. This kind of email attack is called business email compromise (BEC)—a damaging form of phishing designed to gain access to critical business information or extract money through email-based fraud. In this blog, we want to share our investigation of a BEC campaign that used attacker-created email infrastructure to facilitate gift card theft. In this campaign, we found that attackers targeted organizations in the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional se…

Amongst all cybercrime, phishing attacks continue to be the most prevalent today. With over 90 percent of attacks coming via email, it’s important that every organization has a plan to prevent these threats from reaching users. At Microsoft, we’re passionate about providing our customers with simplified and comprehensive protection against such threats with Defender for Office 365. Earlier today, we announced that Microsoft is positioned as a leader in The Forrester Wave: Email Security, Q2 2021. This represents the latest validation of our relentless effort, strategy, and focus to keep our customers secure and offer industry-leading protection against threats orchestrate…

In MITRE Engenuity’s recent Carbanak+FIN7 ATT&CK Evaluation, Microsoft demonstrated that we can stop advanced, real-world attacks by threat actor groups with our industry-leading security capabilities. In this year’s evaluation, we engaged our unified Microsoft 365 Defender stack, with market-leading capabilities in Microsoft Defender for Endpoint and Microsoft Defender for Identity collaborating to provide: Best overall protection: In the protection test, Microsoft Defender for Endpoint blocked all steps of the attack, and did so earliest in the attack chain compared to other vendors. This means that organizations protected by Microsoft Defender for Endpoint w…

For many, 2020 was a year of survival as they rapidly transformed their businesses in response to a new normal. From enabling new remote and hybrid work models to implementing new technology to help optimize operations, the last year has seen a significant uptick in the proliferation and role of IoT devices. Many organizations have suddenly found themselves facing an expanded attack surface area with new security challenges they were not fully prepared for. IoT solutions need to be secured end-to-end, all the way from the device to the cloud or hybrid service that the data is processed in. Securing IoT devices presents a couple of additional layers of complexity becaus…

If network issues are an obstacle to successfully deploying and using HoloLens 2 in your organization, learn how two well-known network diagnostic tools, Fiddler and Wireshark can help you scan, diagnose, and identify problems. Fiddler is a web debugging proxy and is used to troubleshoot HTTP(S) issues. It captures every HTTP request the computer makes and records everything associated with it. Uncovering end-user authentication issues for the HTTPS apps used in your organization drives better productivity and efficiency for your HoloLens 2 use cases. Wireshark is a network protocol analyzer primarily used to inspect TCP/UDP traffic from and to your HoloLens 2 devic…

In this article, we outline the key advantages of cloud-based deployments, introduce HoloLens 2 platform fundamentals, and describe the core components needed to successfully deploy HoloLens 2 devices. Enterprises around the globe are rapidly adopting mobile devices, such as laptops, smartphones, and mixed reality/virtual reality (MR/VR) headsets in an effort to improve workforce productivity and operational efficiency, With Microsoft HoloLens 2 and Mixed Reality solutions, you can transform your business workflows - from remote collaboration and task guidance to employee training and other use cases. This mobile-first device landscape means that IT teams need to lo…

Today, we are releasing Counterfit, an automation tool for security testing AI systems as an open-source project. Counterfit helps organizations conduct AI security risk assessments to ensure that the algorithms used in their businesses are robust, reliable, and trustworthy. AI systems are increasingly used in critical areas such as healthcare, finance, and defense. Consumers must have confidence that the AI systems powering these important domains are secure from adversarial manipulation. For instance, one of the recommendations from Gartner’s Top 5 Priorities for Managing AI Risk Within Gartner’s MOST Framework published in Jan 20211 is that organizations “Adopt spec…

Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. These remote code execution (RCE) vulnerabilities cover more than 25 CVEs … “BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks Read More » Continue reading...

The MITRE ATT&CK® for Containers matrix was published today, establishing an industry knowledge base of attack techniques associated with containerization and related technologies that are increasingly more ubiquitous in the current computing landscape. Microsoft is happy to have contributed and worked closely with the Center for Threat-Informed Defense and other partners to develop this framework for understanding and investigating this growing attack surface. The ATT&CK for Containers builds on efforts including the threat matrix for Kubernetes developed by the Microsoft for Azure Defender for Kubernetes. The Center for Threat-Informed Defense expanded on…