Security

Update: Microsoft and Symantec Work to Give Customers a Reprieve But for This Month Only

This month’s security updates for Windows 7 and Windows 2008 were not delivered to customers who choose to use Symantec security products. See: So it Begins – Microsoft Puts an Update Block in Place for Windows 7 PCs Running Symantec Software

Microsoft put in a block to keep the updates from delivering to the affected systems, but that block has now been lifted, according to an update to Symantec’s support document on this issue. See: Windows 7/Windows 2008 R2 updates that are only SHA-2 signed are not available with Symantec Endpoint Protection installed

However, customers still need to be wary and vigilant. Windows 7 and Windows 2008 reach end of life in early 2020 and more issues like this could crop up between now and the end of support. But, bigger still, th...

So it Begins – Microsoft Puts an Update Block in Place for Windows 7 PCs Running Symantec Software

Windows 7 and Windows 2008 PCs that are running Symantec security software are having issues installing updates today. The issue is due to security signing. Windows 7, of course, is scheduled for the trash heap in February 2020. Symantec and Microsoft are working on a temporary fix.

Symantec’s support doc: Windows 7/Windows 2008 R2 updates that are only SHA-2 signed are not available with Symantec Endpoint Protection installed
Microsoft’s support doc: August 13, 2019—KB4512486 (Security-only update)

Microsoft and Symantec have identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during ins...

Sept 8th Marks the End of Support for TLS 1.0 and 1.1 in Microsoft Cloud App Security

Microsoft has announced the end of support for TLS 1.0 and 1.1. As of September 8, 2019, Microsoft Cloud App Security will no longer support TLS 1.0 and 1.1. This means that any connection using these protocols will no longer work as expected, and no support will be provided. This gives customers still using the old connection protocols little time to migrate to version 1.2.

To see how this affects those still utilizing the older versions, see: End of support for TLS 1.0 and 1.1 in Microsoft Cloud App Security

The Microsoft Security Response Center’s New Blog Site

Microsoft has recently migrated old content and begun blogging at its new site for the Microsoft Security Response Center.

New site: https://msrc-blog.microsoft.com/
RSS Feed: https://msrc-blog.microsoft.com/feed/

July 2019 Microsoft Non-security Updates Available Today

If you’re still updating Office apps that are installed completely locally using MSIs, there are a few updates for you today.

Office 2016
Update for Microsoft Access 2016 (KB4462237)
Update for Microsoft Office 2016 (KB4032236)
Update for Microsoft Office 2016 (KB4464582)
Update for Microsoft Office 2016 (KB4464595)
Update for Microsoft Office 2016 Language Interface Pack (KB4475515)
Update for Microsoft Project 2016 (KB4475518)
Update for Microsoft Word 2016 (KB4475521)

Office 2013
Update for Microsoft Word 2013 (KB4475525)

Office 2010
Update for Microsoft Filter Pack 2.0 (KB3114879)
Update for Microsoft Office 2010 (KB3114397)

Azure security expert series: Cloud security with Ann Johnson

Welcome to the Azure Security Expert Series! Watch Ann Johnson, Corporate VP of Cybersecurity at Microsoft, lead a discussion on cloud security best practices and the latest Azure innovations. Then access our on-demand sessions, all led by Microsoft security product experts, to gain practical knowledge from Azure security services including: Azure Sentinel, Azure Security Center, Azure Network Security and Azure IoT security.

Multi-factor Authentication (MFA) and Office 365

Multi-factor authentication (MFA) (aka 2-step verification) can help protect Office 365 end users should your organization be targeted by cyber criminals. But there is a caveat that IT admins should be aware of.

The Background

Currently Microsoft has about 160 million commercial customers on Office 365 with over a billion end users. Talk about a target-rich environment. Every Office 365 end-user account doesn’t just let a user access one solution, but ALL solutions within the Office 365 platform that are attached to that user. That account login information is the key to accessing all of those solutions such as email, OneDrive, corporate SharePoint Online and more. The majority (90%) of all attacks on an organization come through email in the form of impersonation attacks, ransomware,...

On July 1 On-premises MFA Server will No Longer Be Offered for New Deployments

Good to know. Per Microsoft:

As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.

The on-premises version is available for download here: Azure Multi-Factor Authentication Server

To set up and use Multi-Factor Authentication in Azure, see: Planning a cloud-based Azure Multi-Factor Authentication deployment

Compare GPO Settings to Security Best Practices Using the New Microsoft Security Configuration Toolkit

Microsoft has released a set of tools that allow security administrators to compare current GPO settings against Microsoft best practices.

The Microsoft Security Configuration Toolkit enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects.

Download: Microsoft Security Compliance Toolkit 1.0

Hacker Posts Windows 10 Zero-day Exploit Code on GitHub

Exploit code for a severe zero-day vulnerability has been posted to GitHub by a hacker who goes by “SandboxEscaper.” First identified by The Hacker News, the exploit is a privilege escalation issue that could allow a local attacker or malware to gain and run code with administrative system privileges on the targeted machines, eventually allowing the attacker to gain full control of the machine.

Microsoft is aware of the code and the vulnerability and is currently researching the situation. When approached about the vulnerability news, company reps delivered the following placeholder statement…

Microsoft has a customer commitment to investigate reported security issues and update impacted devices promptly. We are aware of the reporting on this issue and investigating. Soluti...

Microsoft Azure Active Directory Connect Update Fixes Security Vulnerability

You might have noticed on Microsoft’s download site that Azure Active Directory Connect received an update, but unless you were also reading through this month’s security announcements you may have missed the reason for the update. Microsoft Azure Active Directory Connect has a severe elevation of privilege vulnerability for which there is no mitigation or workaround other than installing the new version.

An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions. To exploit this, an attacker would need to authenticate to the Azure AD Connect server. These cmdlets can be executed remotely only if remo...

Microsoft Attack Surface Analyzer Gets a Long Overdue Version Bump, Adds Supported Platforms

The first version of the Attack Surface Analyzer was released way back in 2012, so it was due for a big update. The new version (2.0) supports Windows, Linux, and macOS and is also now available as an open source project on GitHub.

ASA 2.0 scans to detect changes in the following items:

File System
User Accounts
System Services
Network Ports (listeners)
System Certificate Stores
Windows Registry

Get it on GitHub: github.com/Microsoft/AttackSurfaceAnalyzer