Compare GPO Settings to Security Best Practices Using the New Microsoft Security Configuration Toolkit

Microsoft has released a set of tools that allow security administrators to compare current GPO settings against Microsoft best practices. The Microsoft Security Configuration Toolkit enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects. Download: Microsoft Security Compliance Toolkit 1.0

Hacker Posts Windows 10 Zero-day Exploit Code on GitHub

A proof-of-concept exploit for a severe zero-day vulnerability has been posted to GitHub by a hacker known as “SandboxEscaper.” First identified by The Hacker News, the exploit is a privilege escalation issue that could allow a local attacker or malware to run code with administrative system privileges on the targeted machine, eventually allowing the attacker to gain full control of it. Microsoft is aware of the code and the vulnerability and is currently researching the situation. When approached about the vulnerability news, company reps delivered the following placeholder statement… Microsoft has a customer commitment to investigate reported security issues and update impacted devices promptly. We are aware of the reporting on this issue and investigating. Soluti...

Microsoft Azure Active Directory Connect Update Fixes Security Vulnerability

You might have noticed on Microsoft’s download site that Azure Active Directory Connect received an update, but unless you were also reading through this month’s security announcements you may have missed the reason for the update. Microsoft Azure Active Directory Connect has a severe elevation of privilege vulnerability for which there is no mitigation or workaround other than installing the new version. An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build, which allows an attacker to execute two PowerShell cmdlets in the context of a privileged account and perform privileged actions. To exploit this, an attacker would need to authenticate to the Azure AD Connect server. These cmdlets can be executed remotely only if remo...

Microsoft Attack Surface Analyzer Gets a Long Overdue Version Bump, Adds Supported Platforms

The first version of the Attack Surface Analyzer was released way back in 2012, so it was due for a big update. The new version (2.0) supports Windows, Linux, and macOS and is also now available as an open source project on GitHub. ASA 2.0 scans to detect changes in the following items: file system, user accounts, system services, network ports (listeners), system certificate stores, and the Windows Registry. Get it on GitHub:

Addressing the Disclosed MDS Vulnerability for Azure VMs

A recently disclosed vulnerability affects many modern processors and operating systems, including Intel, AMD, and ARM. Referred to as “speculative execution side-channel attacks,” this serious vulnerability can allow attackers to read privileged data across trust boundaries. Microsoft Azure platforms are fully protected and mitigation has already been deployed. However, customers managing their own VMs and virtual environments in Azure need to be aware that actions may need to be performed. Microsoft has supplied guidance for this scenario: Guidance for mitigating speculative execution side-channel vulnerabilities in Azure. Customers that are running untrusted code within their VM need to take action to protect against these vulnerabilities by reading below for additional guidan...

Tip: Testing Your Security Hardening with an Office 365 Attack Simulation

Did you know that Microsoft provides an Attack Simulator for Office 365? If you are an Office 365 global administrator and your organization has Office 365 Threat Investigation and Response capabilities, you can use Attack Simulator to run realistic attack scenarios in your organization. This can help you identify vulnerable users before a real attack impacts your bottom line. There are three different simulations that can be run: display name spear-phishing attack, password-spray attack, and brute-force password attack. See: Attack Simulator in Office 365

Microsoft News: March Updates for Office 365, Microsoft 365 Security and More

The Microsoft release cadence has become somewhat of a runaway train these days. It’s near impossible to keep up with all the updates without help. Sometimes you need “just the facts”. Microsoft is quite helpful in this regard and they sent us some news items (below). In addition, they have their own blog site that is worth checking out to keep up with their cadence. One of the more exciting pieces of news revolves around the new features in Microsoft Teams. One of the new features is the ability to replace your background during video chats. You can put the company logo behind you or a cool picture or just blur the background. Another new feature is support for an additional camera in Microsoft Teams Rooms so that you can show additional information (like analog wh...

Tip: Lock Down Creation of Microsoft Teams and Office 365 Groups

MVP Anthony Caragol has put together a tool that gives administrators the ability to keep Teams and Office 365 Groups from being created except by those designated to do it. In this case, the tool can be used to lock down creation to just a specific security group or to global and other admins. Download: Microsoft Teams and Office 365 Creation Lockdown Tool

Adaptive Network Hardening in Azure Security Center Now in Public Preview

Microsoft has now released the Adaptive Network Hardening capability into public preview. What does it do? Adaptive Network Hardening uses intelligence to learn the network traffic and connectivity patterns of the Azure workloads and provides network security recommendations for rule configuration for your internet-facing virtual machines. To find this, in the Azure Portal go to Security Center, select Networking, and then Adaptive network hardening.

Microsoft Word Being Used as a Trojan Horse, Microsoft Says the Vulnerability Doesn’t Meet the Security Bar to Warrant a Fix

Mimecast Research Labs has identified a memory corruption vulnerability in Microsoft Word that attackers can exploit to bypass Windows antimalware security – and apparently, some are actively exploiting it now. Our detection engines spotted an attacker group, which seems to originate from Serbia, using specially-crafted Microsoft Word documents to take advantage of how Microsoft Word handles Integer Overflow errors in the OLE file format. The group was able to exploit this bug to circumvent many security solutions designed to protect data from infestation, including leading sandbox and anti-malware technologies. According to Mimecast, it notified Microsoft way back in May of 2018. Two days later, Microsoft told Mimecast that the issue didn’t meet the security bar, so a ...

Adobe Chooses April 2019 to Euthanize Shockwave

Adobe’s web media helper apps have a long history of being problematic from a security perspective, needing constant patches and fixes to keep customers safe. So, it should come as no surprise that the company will end its Shockwave product soon. While its other popular media app, Flash, reaches its end of life in 2020, Shockwave will be retired next month. According to the company’s FAQ on the topic… Effective April 9, 2019, Adobe Shockwave will be discontinued and the Shockwave player for Windows will no longer be available for download. Retiring the Shockwave player for Windows is the last step in a multi-year process: Adobe Director, an authoring tool for Shockwave content, was discontinued on February 1, 2017 and the Shockwave player for macOS was discontinued...

With a Serious Exploit Being Actively Targeted Against Windows 7, Google Pushes Windows 10 Upgrades

Google recently patched a zero-day flaw in its Chrome web browser, but a second one that affects Windows 7 is still being actively exploited. Google relayed the information about the vulnerability to Microsoft, and the Windows company has responded directly to Google that a fix is in the works. Of course, there’s no timeline given, so Windows 7 users remain vulnerable. Because the vulnerability affects only Windows 7, Google is providing this guidance: As mitigation advice for this vulnerability, users should consider upgrading to Windows 10 if they are still running an older version of Windows and to apply Windows patches from Microsoft when they become available. We will update this post when they are available. Details: Disclosing vulnerabilities to protect users across platform...