Microsoft Security Newsletter - October 2015
October 2015
Microsoft Security Newsletter
October's Security Newsletter has arrived!
The theme of this monthÆs newsletter is client security and Windows 10. I have been talking to customers a lot about cloud services and the relative security of these services versus that of on-premises IT.
In these conversations, typically the first thing that customers want to discuss with me is the security of MicrosoftÆs datacenters.I find this interesting because the vast majority of threats come from the clients that are used to access cloud services and on-premises IT applications, not from the datacenter. This is what I call the “forgotten part of the cloud” and is something I wrote about over 3 years ago:
http://blogs.microsoft.com/cy bertrust/2012/04/25/the-forgotten-part-of-cloud-security-the-clients/
The Forgotten Part of Cloud Security û the Clients .
Client-side security is as important as it ever has been, even for organizations that use cloud services. This is one aspect of operations that customers canÆt delegate to their cloud service provider. That said, Microsoft is the one vendor in the world that provides end-to-end support from the client to the cloud; we are helping our customers with client-side security with all the security capabilities we have built into Windows and will continue to evolve in the future. ItÆs also why there are so many awesome security products and capabilities built into the
http://www.microsoft.com/en-us/server-cloud/enterprise-mobility/overview.aspx Enterprise Mobility Suite (EMS) including cloud-based products like Azure Active Directory, products for securing and managing clients like In-Tune, and on-premises security products like Advanced Threat Analytics. If you havenÆt already, check out EMS û the fasting selling enterprise product in MicrosoftÆs history!
As far as Windows operating system releases go, Windows 10 really is a huge step forward for client security. There is a very impressive list of new and improved security features and functionality in Windows 10. Windows 10 has been designed to help secure devices and identities, offer improved threat resistance and information protection. Some of the new and enhanced protections built into Windows 10 include
https://channel9.msdn.com/Events/Ignite/2015/BRK2324
Windows Hello ,
https://technet.microsoft.com/library/dn985839.aspx?ocid=wc-nl-secnews Microsoft Passport ,
https://technet.microsoft.com/library/dn985838.aspx?ocid=wc-nl-secnews Enterprise Data Protection ,
https://technet.microsoft.com/library/mt403325.aspx?ocid=wc-nl-secnews BitLocker ,
https://technet.microsoft.com/library/mt483740.aspx?ocid=wc-nl-secnews Credential Guard ,
https://technet.microsoft.com/library/dn986865.aspx?ocid=wc-nl-secnews
Device Guard , and
https://channel9.msdn.com/Events/Ignite/2015/BRK2333
Windows Defender to name just a few. Enterprise customers can evaluate these Windows 10 security features by downloading the
https://technet.microsoft.com/evalcenter/dn781239.aspx?ocid=wc-nl-secnews Windows 10 Enterprise Evaluation and trying Windows 10 Enterprise free for 90 days.
Please enjoy this monthÆs newsletter.
Best regards,
Tim Rains, Chief Security Advisor
Cybersecurity & Cloud Strategy, Microsoft
Want to share this newsletter with a friend or colleague?
https://technet.microsoft.com/en-us/security/cc307424.aspx
Click here for the online edition and subscription options .
Have feedback on how we can improve this newsletter? Email us at mailto:
secnlfb@microsoft.com
secnlfb@microsoft.com and share your ideas.
Top Stories
http://blogs.microsoft.com/cybertrust/2015/10/26/cloud-security-controls-series -managing-shadow-it/
Cloud Security Controls Series: Managing “Shadow IT”
While some companies are adamant that no one within their organization is currently using the cloud, others speculate that some groups are undoubtedly using cloud apps unbeknownst to their IT department and without explicit organizational approval to do so. Learn how to gather data to help you gain insight into the “shadow IT” solutions that might be in use within your organization.
http://blogs.microsoft.com/cybertrust/2015/10/08/cloud-security-controls-series -penetration-testing-red-teaming-forensics/
Cloud Security Controls Series: Penetration Testing, Red Teaming, & Forensics
Learn about MicrosoftÆs own penetration tests, whether you can do penetration testing on Microsoft cloud services, and how the cloud impacts customersÆ ability to perform forensic investigations on systems they have in the cloud.
http://blogs.microsoft.com/cybertrust/2015/10/01/cloud-security-controls-series -onedrive-for-business/
Cloud Security Controls Series: OneDrive for Business
Find out about the security controls built into OneDrive for Business that will help them manage the security of the data they store there.
http://blogs.microsoft.com/cybertrust/2015/10/07/whats-new-with-microsoft-threa t-modeling-tool-2016/
WhatÆs New with Microsoft Threat Modeling Tool 2016
Available as a free download from the Microsoft Download Center, the Microsoft Threat Modeling Tool is a free tool to help you find threats in the design phase of software projects. Explore the improvements in the latest release, which simplifies working with threats and provides a new editor for defining your own threats.
http://blogs.technet.com/b/msrc/archive/2015/10/20/microsoft-bounty-programs-ex pansion-net-core-and-asp-net-beta-bounty.aspx
Microsoft Bounty Programs Expansion - .NET Core and ASP.NET Beta Bounty
.NET and ASP.NET represent critical building blocks in the Visual Studio Development Suite. Learn about this latest expansion of the
https://aka.ms/bugbounty
Microsoft Bounty Program .
Security Guidance
https://channel9.msdn.com/Events/Ignite/2015
Security Tip of the Month: Get up to speed with the best from Microsoft Ignite 2015
Looking for in-depth walkthroughs of Windows 10 security technologies? DidnÆt have a chance to attend this yearÆs Ignite conference? Start with these on-demand sessions:
-
https://channel9.msdn.com/Events/Ignite/2015/C9-02
Inside Identity and Deployment for Windows 10
-
https://channel9.msdn.com/Events/Ignite/2015/BRK2325
A New Era of Threat Resistance for the Windows 10 Platform
-
https://channel9.msdn.com/Events/Ignite/2015/BRK2308
Windows 10: Security Internal
-
https://channel9.msdn.com/Events/Ignite/2015/BRK3336
Black Belt Security with Windows 10
-
https://channel9.msdn.com/Events/Ignite/2015/C9-14
Pass the Hash and Windows 10 Security
-
https://channel9.msdn.com/Events/Ignite/2015/BRK3309
Windows 10 for Mobile Devices: Secure by Design
-
https://channel9.msdn.com/Events/Ignite/2015/BRK2324
Secure Authentication with Windows Hello
-
https://channel9.msdn.com/Events/Ignite/2015/BRK2336
Dropping the Hammer Down on Malware Threats with Windows 10Æs Device Guard
https://technet.microsoft.com/library/mt601297.aspx?ocid=wc-nl-secnews
Windows 10 security overview
Get a detailed description of the most important security improvements in the Windows 10 operating system and how they can help you protect your organization.
https://technet.microsoft.com/library/mt158215.aspx?ocid=wc-nl-secnews
Keep Windows 10 secure
Ready to delve deeper into Windows 10 security? Check out these resources:
-
https://technet.microsoft.com/library/mt404675.aspx?ocid=wc-nl-secnews BitLocker
-
https://technet.microsoft.com/library/mt483740.aspx?ocid=wc-nl-secnews Credential Guard overview
-
https://technet.microsoft.com/library/mt463091.aspx?ocid=wc-nl-secnews
Device Guard deployment guide and
https://technet.microsoft.com/library/mt219733.aspx?ocid=wc-nl-secnews
Device Guard certification and compliance
-
https://technet.microsoft.com/library/mt219735.aspx?ocid=wc-nl-secnews
Manage identity verification using Microsoft Passport and
https://technet.microsoft.com/library/mt589441.aspx?ocid=wc-nl-secnews Microsoft Passport guide
-
https://technet.microsoft.com/library/mt431897.aspx?ocid=wc-nl-secnews
Security auditing
-
https://technet.microsoft.com/library/mt431893.aspx?ocid=wc-nl-secnews
Trusted Platform Module
-
https://technet.microsoft.com/library/mt437606.aspx?ocid=wc-nl-secnews
User Account Control
-
https://technet.microsoft.com/library/mt210942.aspx?ocid=wc-nl-secnews
VPN profile options
This Month's Security Bulletins
October 2015 Security Bulletins
Critical
-MS15-106:3096441
https://technet.microsoft.com/library/security/ms15-106
Cumulative Security Update for Internet Explorer
-MS15-108:3089659
https://technet.microsoft.com/library/security/ms15-108
Security Update for JScript and VBScript to Address Remote Code Execution
-MS15-109:3096443
https://technet.microsoft.com/library/security/ms15-109
Security Update for Windows Shell to Address Remote Code Execution
Important
-MS15-107:3096448
https://technet.microsoft.com/library/security/ms15-107
Cumulative Security Update for Microsoft Edge
-MS15-110:3096440
https://technet.microsoft.com/library/security/ms15-110
Security Updates for Microsoft Office to Address Remote Code Execution
-MS15-111:3096447
https://technet.microsoft.com/library/security/ms15-111
Security Update for Windows Kernel to Address Elevation of Privilege
October 2015 Security Bulletin Resources:
-
http://blogs.technet.com/b/msrc/archive/2015/10/13/october-2015-security-upda te-release-summary.aspx
October 2015 Security Update Release Summary
-
Malicious Software Removal Tool:
http://www.microsoft.com/en-us/download/malic ious-software-removal-tool-details.aspx
October 2015 Update and
http://blogs.technet.com/b/mmpc/archive/2015/10/13/ms rt-october-2015-tescrypt.aspx
blog summary
Security Events and Training
https://www.microsoftvirtualacademy.com/en-US/training-courses/getting-started- with-windows-10-for-it-professionals-10629
Microsoft Virtual Academy: Getting Started with Windows 10 for IT Professionals
Walk through what's new in Windows 10 deployment and management, with a team of experts. Look at runtime provisioning, mobile device management (MDM), secure authentication, and much more. Plus, find out what Windows as a Service means for you and your organization.
https://www.microsoftvirtualacademy.com/en-US/training-courses/security-in-the- enterprise-11859?l=kHFO1SlXB_1604300474
Microsoft Virtual Academy: Security in the Enterprise
Walk with experts through social media platforms to discover how they really work. Get tips and practical advice on social networking security. Plus, explore methods of developing a secure baseline and how to harden your Windows Enterprise architectures and applications from pass-the-hash and other advanced attacks, and look at system patching. Finally, learn how to help improve your organization's security with Microsoft operating systems and tools.
https://channel9.msdn.com/Series/Azure-AD-Identity/Win10AADJoin
Azure AD Join in Windows 10
Learn how Azure Active Directory (Azure AD) Join can enable your mobile workforce.
https://channel9.msdn.com/Series/Endpoint-Zone/Endpoint-Zone-Episode-10-Windows -10
Endpoint Zone Episode 10: Windows 10
Explore Windows 10 security features, the upgrade process, how to prepare for Windows as a Service, and more.
Essential Tools
-
http://technet.microsoft.com/security/bulletin
Microsoft Security Bulletins
-
http://technet.microsoft.com/security/advisory
Microsoft Security Advisories
-
http://www.microsoft.com/security/sdl/adopt/starterkit.aspx
Microsoft Security Development Lifecycle Starter Kit
-
http://support.microsoft.com/kb/2458544
Enhanced Mitigation Experience Toolkit
-
http://www.microsoft.com/security/pc-security/malware-removal.aspx
Malicious Software Removal Tool
-
http://technet.microsoft.com/security/cc184924.aspx
Microsoft Baseline Security Analyzer
Security Centers
-
http://technet.microsoft.com/security
Security TechCenter
-
http://msdn.microsoft.com/security
Security Developer Center
-
http://www.microsoft.com/security/msrc/default.aspx
Microsoft Security Response Center
-
http://www.microsoft.com/security/portal/
Microsoft Malware Protection Center
-
http://www.microsoft.com/privacy
Microsoft Privacy
-
http://support.microsoft.com/select/default.aspx?target=hub&c1=10750
Microsoft Security Product Solution Centers
Additional Resources
-
http://blogs.microsoft.com/cybertrust/
Microsoft Cybertrust Blog
-
http://blogs.msdn.com/b/azuresecurity/
Microsoft Azure Security Blog
-
http://www.microsoft.com/security/sir
Microsoft Security Intelligence Report
-
http://www.microsoft.com/security/sdl
Microsoft Security Development Lifecycle
-
http://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide
-
http://technet.microsoft.com/security/bb980617.aspx
Security Troubleshooting and Support Resources
technet.microsoft.com/security
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
(c) 2015 Microsoft Corporation
http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Copyright/defau lt.aspx
Terms of Use |
http://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/en-us.aspx Trademarks
Microsoft respects your privacy. To learn more please read our online
http://go.microsoft.com/fwlink/?LinkId=248681
Privacy Statement .
If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please
http://click.email.microsoftemail .com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a0079e5cc587f4d16330b7c3c c8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc86da6ec31429405e8d901a0ba1bc c785e4c4a45df6153a0ac3cd1f17341babb84&oneClick=newsletter
click here . These settings will not affect any other newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services.
To set your contact preferences for other Microsoft communications
http://clic k.email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a00 79e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc86da6e c31429405e8d901a0ba1bcc785e4c4a45df6153a0ac3cd1f17341babb84
click here .
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA
---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games
Web-based telnet client
IRC
Email & news access