Forum: Digital Distortion

Microsoft Security Newsletter - October 2015

From Lord Time@TIME to All on Fri Oct 30 23:23:31 2015

Microsoft Security Newsletter - October 2015

October 2015
Microsoft Security Newsletter

October's Security Newsletter has arrived!

The theme of this monthÆs newsletter is client security and Windows 10. I have been talking to customers a lot about cloud services and the relative security of these services versus that of on-premises IT.

In these conversations, typically the first thing that customers want to discuss with me is the security of MicrosoftÆs datacenters.I find this interesting because the vast majority of threats come from the clients that are used to access cloud services and on-premises IT applications, not from the datacenter. This is what I call the “forgotten part of the cloud” and is something I wrote about over 3 years ago: http://blogs.microsoft.com/cy bertrust/2012/04/25/the-forgotten-part-of-cloud-security-the-clients/

The Forgotten Part of Cloud Security û the Clients .

Client-side security is as important as it ever has been, even for organizations that use cloud services. This is one aspect of operations that customers canÆt delegate to their cloud service provider. That said, Microsoft is the one vendor in the world that provides end-to-end support from the client to the cloud; we are helping our customers with client-side security with all the security capabilities we have built into Windows and will continue to evolve in the future. ItÆs also why there are so many awesome security products and capabilities built into the http://www.microsoft.com/en-us/server-cloud/enterprise-mobility/overview.aspx Enterprise Mobility Suite (EMS) including cloud-based products like Azure Active Directory, products for securing and managing clients like In-Tune, and on-premises security products like Advanced Threat Analytics. If you havenÆt already, check out EMS û the fasting selling enterprise product in MicrosoftÆs history!

As far as Windows operating system releases go, Windows 10 really is a huge step forward for client security. There is a very impressive list of new and improved security features and functionality in Windows 10. Windows 10 has been designed to help secure devices and identities, offer improved threat resistance and information protection. Some of the new and enhanced protections built into Windows 10 include https://channel9.msdn.com/Events/Ignite/2015/BRK2324
Windows Hello , https://technet.microsoft.com/library/dn985839.aspx?ocid=wc-nl-secnews Microsoft Passport , https://technet.microsoft.com/library/dn985838.aspx?ocid=wc-nl-secnews Enterprise Data Protection , https://technet.microsoft.com/library/mt403325.aspx?ocid=wc-nl-secnews BitLocker , https://technet.microsoft.com/library/mt483740.aspx?ocid=wc-nl-secnews Credential Guard , https://technet.microsoft.com/library/dn986865.aspx?ocid=wc-nl-secnews
Device Guard , and
https://channel9.msdn.com/Events/Ignite/2015/BRK2333
Windows Defender to name just a few. Enterprise customers can evaluate these Windows 10 security features by downloading the https://technet.microsoft.com/evalcenter/dn781239.aspx?ocid=wc-nl-secnews Windows 10 Enterprise Evaluation and trying Windows 10 Enterprise free for 90 days.

Please enjoy this monthÆs newsletter.

Best regards,

Tim Rains, Chief Security Advisor

Cybersecurity & Cloud Strategy, Microsoft

Want to share this newsletter with a friend or colleague? https://technet.microsoft.com/en-us/security/cc307424.aspx
Click here for the online edition and subscription options .

Have feedback on how we can improve this newsletter? Email us at mailto:secnlfb@microsoft.com
secnlfb@microsoft.com and share your ideas.

Top Stories

http://blogs.microsoft.com/cybertrust/2015/10/26/cloud-security-controls-series -managing-shadow-it/

Cloud Security Controls Series: Managing “Shadow IT”

While some companies are adamant that no one within their organization is currently using the cloud, others speculate that some groups are undoubtedly using cloud apps unbeknownst to their IT department and without explicit organizational approval to do so. Learn how to gather data to help you gain insight into the “shadow IT” solutions that might be in use within your organization.

http://blogs.microsoft.com/cybertrust/2015/10/08/cloud-security-controls-series -penetration-testing-red-teaming-forensics/

Cloud Security Controls Series: Penetration Testing, Red Teaming, & Forensics

Learn about MicrosoftÆs own penetration tests, whether you can do penetration testing on Microsoft cloud services, and how the cloud impacts customersÆ ability to perform forensic investigations on systems they have in the cloud.

http://blogs.microsoft.com/cybertrust/2015/10/01/cloud-security-controls-series -onedrive-for-business/

Cloud Security Controls Series: OneDrive for Business

Find out about the security controls built into OneDrive for Business that will help them manage the security of the data they store there.

http://blogs.microsoft.com/cybertrust/2015/10/07/whats-new-with-microsoft-threa t-modeling-tool-2016/

WhatÆs New with Microsoft Threat Modeling Tool 2016

Available as a free download from the Microsoft Download Center, the Microsoft Threat Modeling Tool is a free tool to help you find threats in the design phase of software projects. Explore the improvements in the latest release, which simplifies working with threats and provides a new editor for defining your own threats.

http://blogs.technet.com/b/msrc/archive/2015/10/20/microsoft-bounty-programs-ex pansion-net-core-and-asp-net-beta-bounty.aspx

Microsoft Bounty Programs Expansion - .NET Core and ASP.NET Beta Bounty

.NET and ASP.NET represent critical building blocks in the Visual Studio Development Suite. Learn about this latest expansion of the https://aka.ms/bugbounty
Microsoft Bounty Program .

Security Guidance

https://channel9.msdn.com/Events/Ignite/2015
Security Tip of the Month: Get up to speed with the best from Microsoft Ignite 2015

Looking for in-depth walkthroughs of Windows 10 security technologies? DidnÆt have a chance to attend this yearÆs Ignite conference? Start with these on-demand sessions:
-
https://channel9.msdn.com/Events/Ignite/2015/C9-02
Inside Identity and Deployment for Windows 10
-
https://channel9.msdn.com/Events/Ignite/2015/BRK2325
A New Era of Threat Resistance for the Windows 10 Platform
-
https://channel9.msdn.com/Events/Ignite/2015/BRK2308
Windows 10: Security Internal
-
https://channel9.msdn.com/Events/Ignite/2015/BRK3336
Black Belt Security with Windows 10
-
https://channel9.msdn.com/Events/Ignite/2015/C9-14
Pass the Hash and Windows 10 Security
-
https://channel9.msdn.com/Events/Ignite/2015/BRK3309
Windows 10 for Mobile Devices: Secure by Design
-
https://channel9.msdn.com/Events/Ignite/2015/BRK2324
Secure Authentication with Windows Hello
-
https://channel9.msdn.com/Events/Ignite/2015/BRK2336
Dropping the Hammer Down on Malware Threats with Windows 10Æs Device Guard

https://technet.microsoft.com/library/mt601297.aspx?ocid=wc-nl-secnews
Windows 10 security overview

Get a detailed description of the most important security improvements in the Windows 10 operating system and how they can help you protect your organization.

https://technet.microsoft.com/library/mt158215.aspx?ocid=wc-nl-secnews
Keep Windows 10 secure

Ready to delve deeper into Windows 10 security? Check out these resources:
-
https://technet.microsoft.com/library/mt404675.aspx?ocid=wc-nl-secnews BitLocker
-
https://technet.microsoft.com/library/mt483740.aspx?ocid=wc-nl-secnews Credential Guard overview
-
https://technet.microsoft.com/library/mt463091.aspx?ocid=wc-nl-secnews
Device Guard deployment guide and https://technet.microsoft.com/library/mt219733.aspx?ocid=wc-nl-secnews
Device Guard certification and compliance
-
https://technet.microsoft.com/library/mt219735.aspx?ocid=wc-nl-secnews
Manage identity verification using Microsoft Passport and https://technet.microsoft.com/library/mt589441.aspx?ocid=wc-nl-secnews Microsoft Passport guide
-
https://technet.microsoft.com/library/mt431897.aspx?ocid=wc-nl-secnews
Security auditing
-
https://technet.microsoft.com/library/mt431893.aspx?ocid=wc-nl-secnews
Trusted Platform Module
-
https://technet.microsoft.com/library/mt437606.aspx?ocid=wc-nl-secnews
User Account Control
-
https://technet.microsoft.com/library/mt210942.aspx?ocid=wc-nl-secnews
VPN profile options

This Month's Security Bulletins

October 2015 Security Bulletins

Critical

-MS15-106:3096441
https://technet.microsoft.com/library/security/ms15-106

Cumulative Security Update for Internet Explorer

-MS15-108:3089659
https://technet.microsoft.com/library/security/ms15-108

Security Update for JScript and VBScript to Address Remote Code Execution

-MS15-109:3096443
https://technet.microsoft.com/library/security/ms15-109

Security Update for Windows Shell to Address Remote Code Execution

Important

-MS15-107:3096448
https://technet.microsoft.com/library/security/ms15-107

Cumulative Security Update for Microsoft Edge

-MS15-110:3096440
https://technet.microsoft.com/library/security/ms15-110

Security Updates for Microsoft Office to Address Remote Code Execution

-MS15-111:3096447
https://technet.microsoft.com/library/security/ms15-111

Security Update for Windows Kernel to Address Elevation of Privilege

October 2015 Security Bulletin Resources:

- http://blogs.technet.com/b/msrc/archive/2015/10/13/october-2015-security-upda te-release-summary.aspx

October 2015 Security Update Release Summary
-
Malicious Software Removal Tool: http://www.microsoft.com/en-us/download/malic ious-software-removal-tool-details.aspx

October 2015 Update and http://blogs.technet.com/b/mmpc/archive/2015/10/13/ms rt-october-2015-tescrypt.aspx
blog summary

Security Events and Training

https://www.microsoftvirtualacademy.com/en-US/training-courses/getting-started- with-windows-10-for-it-professionals-10629

Microsoft Virtual Academy: Getting Started with Windows 10 for IT Professionals

Walk through what's new in Windows 10 deployment and management, with a team of experts. Look at runtime provisioning, mobile device management (MDM), secure authentication, and much more. Plus, find out what Windows as a Service means for you and your organization.

https://www.microsoftvirtualacademy.com/en-US/training-courses/security-in-the- enterprise-11859?l=kHFO1SlXB_1604300474

Microsoft Virtual Academy: Security in the Enterprise

Walk with experts through social media platforms to discover how they really work. Get tips and practical advice on social networking security. Plus, explore methods of developing a secure baseline and how to harden your Windows Enterprise architectures and applications from pass-the-hash and other advanced attacks, and look at system patching. Finally, learn how to help improve your organization's security with Microsoft operating systems and tools.

https://channel9.msdn.com/Series/Azure-AD-Identity/Win10AADJoin
Azure AD Join in Windows 10

Learn how Azure Active Directory (Azure AD) Join can enable your mobile workforce.

https://channel9.msdn.com/Series/Endpoint-Zone/Endpoint-Zone-Episode-10-Windows -10
Endpoint Zone Episode 10: Windows 10

Explore Windows 10 security features, the upgrade process, how to prepare for Windows as a Service, and more.

Essential Tools

-
http://technet.microsoft.com/security/bulletin
Microsoft Security Bulletins

-
http://technet.microsoft.com/security/advisory
Microsoft Security Advisories

-
http://www.microsoft.com/security/sdl/adopt/starterkit.aspx
Microsoft Security Development Lifecycle Starter Kit

-
http://support.microsoft.com/kb/2458544
Enhanced Mitigation Experience Toolkit

-
http://www.microsoft.com/security/pc-security/malware-removal.aspx
Malicious Software Removal Tool

-
http://technet.microsoft.com/security/cc184924.aspx
Microsoft Baseline Security Analyzer

Security Centers

-
http://technet.microsoft.com/security
Security TechCenter

-
http://msdn.microsoft.com/security
Security Developer Center

-
http://www.microsoft.com/security/msrc/default.aspx
Microsoft Security Response Center

-
http://www.microsoft.com/security/portal/
Microsoft Malware Protection Center

-
http://www.microsoft.com/privacy
Microsoft Privacy

-
http://support.microsoft.com/select/default.aspx?target=hub&c1=10750
Microsoft Security Product Solution Centers

Additional Resources

-
http://blogs.microsoft.com/cybertrust/
Microsoft Cybertrust Blog

-
http://blogs.msdn.com/b/azuresecurity/
Microsoft Azure Security Blog

-
http://www.microsoft.com/security/sir
Microsoft Security Intelligence Report

-
http://www.microsoft.com/security/sdl
Microsoft Security Development Lifecycle

-
http://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide

-
http://technet.microsoft.com/security/bb980617.aspx
Security Troubleshooting and Support Resources

technet.microsoft.com/security

This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

(c) 2015 Microsoft Corporation

http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Copyright/defau lt.aspx

Terms of Use |

http://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/en-us.aspx Trademarks

Microsoft respects your privacy. To learn more please read our online http://go.microsoft.com/fwlink/?LinkId=248681
Privacy Statement .

If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please http://click.email.microsoftemail .com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a0079e5cc587f4d16330b7c3c c8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc86da6ec31429405e8d901a0ba1bc c785e4c4a45df6153a0ac3cd1f17341babb84&oneClick=newsletter

click here . These settings will not affect any other newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services.

To set your contact preferences for other Microsoft communications http://clic k.email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a00 79e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc86da6e c31429405e8d901a0ba1bcc785e4c4a45df6153a0ac3cd1f17341babb84

click here .

Microsoft Corporation

One Microsoft Way

Redmond, WA 98052 USA
---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games

Web-based telnet client

Other Links
What is a BBS?
Doors installed on this BBS
Digital Distortion Doors & Tools
Door stats
Trivia scores
Message networks
Terminal software
Synchronet archiver setup
Ready.gov anti-terrorist guidelines as of 2003

Other services
Telnet
RLogin
IRC
Email & news access

Feel free to send me an email.

BBS UPS stats
Who's Online
Recent Visitors
- Wilmaxs
  Wed Aug 16 04:20:48 2023
  via HTTP
- Mariachilds
  Fri Aug 11 02:57:26 2023
  from United states via HTTP
- detibi8403
  Sat Aug 5 04:44:08 2023
  via HTTP
- cepefoh251
  Wed Aug 2 01:21:39 2023
  via HTTP

System Info

Sysop:	Eric Oulashin
Location:	Beaverton, Oregon, USA
Users:	96
Nodes:	16 (0 / 16)
Uptime:	07:37:13
Calls:	5,202
Calls today:	4
Files:	8,493
D/L today:	1,509 files (235M bytes)
Messages:	353,377

Microsoft Security Newsletter - October 2015

Who's Online

Recent Visitors

System Info