Microsoft Security Newsletter - November 2013
Trustworthy Computing | November 2013
Microsoft Security Newsletter
Welcome to November’s Security Newsletter!
This month our newsletter focuses on the top threats facing enterprise organizations. Many of the customers I talk with around the world are faced with increased business complexities combined with resource and financial constraints and are interested in learning how to prioritize their security investments to manage security risk. One of the key inputs to help prioritize security risk is threat intelligence. A few weeks ago, we published volume 15 of the
http://www.microsoft.com/sir
Microsoft Security Intelligence Report (SIR) . In the report, we list out the top 10 threats facing enterprises. Based on our research, enterprises encounter malware via three primary avenues: a) malicious or compromised websites, worms that spread through networked drives, and autorun feature abuse; b) weak passwords; or c) social engineering.
By the end of 2012, web-based attacks had surpassed traditional network worms to become the top threats facing enterprises and the latest SIR shows that this trend is continuing. In fact, during the second quarter of 2013, six out of the top 10 threats facing enterprises were associated with malicious or compromised websites. While web-based attacks have become the most common threats facing enterprises, worms cannot be ignored. In the second quarter of 2013 three out of the top ten threats facing enterprises were associated with worms. The third most common way in which enterprise organizations are encountering malware based on the latest threat intelligence is through social engineering.
The good news is that there are effective mitigations and best practices that can be used to help protect your enterprise such as keeping all software up to date, running software that was developed with a security development lifecycle, restricting web browsing, managing the security of your websites, and leveraging network security technologies. If you are interested in learning more about the top threats facing enterprises and how to take action, I encourage you to check out our recent blog post entitled, "
http://blogs.technet.com/b/security/archive/2013/11/25/microsoft-cybersecurity- report-top-10-most-wanted-enterprise-threats.aspx
Microsoft Cybersecurity Report: Top 10 Most Wanted Enterprise Threats ."
Of course, this is just one of many key takeaways from the latest SIR. To download the complete report, which includes regional threat intelligence for 106 locations around the world, visit
http://www.microsoft.com/sir
www.microsoft.com/sir . We hope you enjoy it and encourage you to provide feedback to our Twitter handle
https://twitter.com/msftsecurity
@MSFTSecurity .
Best regards,
Tim Rains, Director
Microsoft
Trustworthy
Computing
Have feedback on how we can improve this newsletter? Email us at mailto:
secnlfb@microsoft.com
secnlfb@microsoft.com and share your ideas.
Top Stories
http://blogs.technet.com/b/srd/archive/2013/11/12/introducing-enhanced-mitigati on-experience-toolkit-emet-4-1.aspx
Enhanced Mitigation Experience Toolkit 4.1 Released
The Enhanced Mitigation Experience Toolkit (EMET) helps prevent attackers from gaining access to computers, works well in the enterprise, and protects across a wide range of scenarios. Now available for download,
http://www.microsoft.com/download/details.aspx?id=41138
EMET 4.1 includes updates that simplify configuration and enable faster deployment.
http://blogs.technet.com/b/security/archive/2013/11/07/maslow-and-malware-devel oping-a-hierarchy-of-needs-for-cybersecurity.aspx
Maslow and Malware: Developing a Hierarchy of Needs for Cybersecurity
Pervasive use of computing and the Internet means that companies need plans in place to ensure key assets, systems and networks remain protected, while preserving the benefits that come with broad connectivity. As approaches vary country to country, Microsoft recently partnered with Oxford-Analytica to develop a
http://download.microsoft.com/download/E/6/2/E62530BF-47CC-4527-88BA-F13DF5294A 65/HierarchyofCybersecurityNeeds.pdf
downloadable report that looks at how organizations can seek to maximize the benefits of the Internet by matching their cybersecurity priorities to the needs of their citizens.
Security Guidance
http://technet.microsoft.com/security/dn535790.aspx
Ransomware in the Enterprise
Marianne Mallen (Antivirus Researcher), Vidya Sekhar (Program Manager), Ben Hope (Technical Writer) –
http://www.microsoft.com/security/portal/mmpc/default.aspx
Microsoft Malware Protection Center
One problem affecting the enterprise space is ransomware, a type of malware designed to render a computer or its files unusable until you pay a certain amount of money to the attacker. Learn more about this threat and how to deal with a ransomware infection. For additional tips on how to protect your organization, see
http://blogs.technet.com/b/trustworthycomputing/archive/2013/11/19/ransomware-w ays-to-protect-yourself-amp-your-business.aspx
Ransomware: Ways to Protect Yourself & Your Business .
http://technet.microsoft.com/security/dn535789.aspx
Security Keeps the Money Flowing: A Framework for Data Loss Prevention
http://mvp.microsoft.com/en-us/mvp/Dan Griffin-4024470
Dan Griffin , Microsoft MVP – Enterprise Security and Founder of JW Secure, Inc.
The importance of protecting sensitive or important data is paramount for any business. While security technology today is amazingly advanced, so is the motivation and sophistication of the threat landscape. Explore a framework that can help you better evaluate data loss prevention (DLP) technologies for your organization.
http://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide
Download the Infrastructure Planning and Design Guide for Malware Response for help with planning the best and most cost-effective response to malicious software for your organization. This free guide provides methodologies for the assessment of malware incidents, walks through the considerations and decisions that are pertinent to timely response and recovery, and describes approaches to investigating outbreaks and cleaning infected systems.
http://technet.microsoft.com/en-us/library/exchange-online-antispam-and-antimal ware-protection.aspx
Anti-Spam and Anti-Malware Protection with Exchange Online
Microsoft Exchange Online provides built-in malware and spam filtering capabilities that help protect inbound and outbound messages from malicious software and help protect your network from spam transferred through email. Explore the filtering technologies enabled by default, then learn how to configure and customize
http://technet.microsoft.com/library/jj200745.aspx
anti-malware policies and
http://technet.microsoft.com/library/jj200687.aspx
anti-spam policies .
http://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide
Download the Infrastructure Planning and Design Guide for Malware Response for help with planning the best and most cost-effective response to malicious software for your organization. This free guide provides methodologies for the assessment of malware incidents, walks through the considerations and decisions that are pertinent to timely response and recovery, and describes approaches to investigating outbreaks and cleaning infected systems.
http://blogs.msdn.com/b/ie/archive/2012/03/14/enhanced-protected-mode.aspx Enhanced Protected Mode in Internet Explorer
Learn how Enhanced Protected Mode, included in Internet Explorer 10 and Internet Explorer 11, helps keep your data safe even if an attacker has exploited a vulnerability in the browser or one of its add-ons. Looking for more technical details on this feature? Read
http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhan ced-protected-mode-network-security-addons-cookies-metro-desktop.aspx Understanding Enhanced Protected Mode .
Cloud Security Corner
http://social.technet.microsoft.com/wiki/contents/articles/6642.a-solution-for- private-cloud-security.aspx
A Solution for Private Cloud Security
With increasing numbers of organizations looking to create cloud-based environments or implement cloud technologies within their existing data centers, business and technology decision-makers are looking closely at the possibilities and practicalities that these changes involve. Get a comprehensive explanation of the process for designing and running security for a private cloud environment.
This Month's Security Bulletins
November 2013 Security Bulletins
Critical
-MS13-088:2888505
https://technet.microsoft.com/en-us/security/bulletin/ms13-088
Cumulative Security Update for Internet Explorer
-MS13-089:2876331
https://technet.microsoft.com/en-us/security/bulletin/ms13-089
Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution
-MS13-090:2900986
https://technet.microsoft.com/en-us/security/bulletin/ms13-090
Cumulative Security Update of ActiveX Kill Bits
Important
-MS13-091:2885093
https://technet.microsoft.com/en-us/security/bulletin/ms13-091
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
-MS13-092:2893986
https://technet.microsoft.com/en-us/security/bulletin/ms13-092
Vulnerability in Hyper-V Could Allow Elevation of Privilege
-MS13-093:2875783
https://technet.microsoft.com/en-us/security/bulletin/ms13-093
Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure
-MS13-094:2894514
https://technet.microsoft.com/en-us/security/bulletin/ms13-094
Vulnerability in Microsoft Outlook Could Allow Information Disclosure
-MS13-095:2868626
https://technet.microsoft.com/en-us/security/bulletin/ms13-095
Vulnerability in Digital Signatures Could Allow Denial of Service
November 2013 Security Bulletin Resources:
- h
http://blogs.technet.com/b/msrc/archive/2013/11/12/authenticity-and-the-novemb er-2013-security-updates.aspx
Microsoft Security Response Center (MSRC) Blog Post
-
http://youtu.be/KqVpF7QqFj0
Security Bulletin Webcast (MP4)
-
http://blogs.technet.com/b/msrc/p/november-2013-security-bulletin-q-a.aspx
Security Bulletin Webcast Q&A
Security Events and Training
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032557386 Microsoft Webcast: Information about the December 2013 Security Bulletin Release
Wednesday, December 11, 2013
Join this webcast for a brief overview of the technical details of December’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts.
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032571337 Microsoft’s New Windows RMS – Advanced Information Protection Tuesday, December 17, 2013
Learn about the major updates to Microsoft's new Rights Management Services that can provide support for non-Microsoft file formats on multiple platforms including iOS and Android, and extend those capabilities beyond your organization to business partners and individuals.
Essential Tools
-
http://technet.microsoft.com/security/bulletin
Microsoft Security Bulletins
-
http://technet.microsoft.com/security/advisory
Microsoft Security Advisories
-
http://technet.microsoft.com/solutionaccelerators/cc835245.aspx
Security Compliance Manager
-
http://www.microsoft.com/security/sdl/adopt/starterkit.aspx
Microsoft Security Development Lifecycle Starter Kit
-
http://support.microsoft.com/kb/2458544
Enhanced Mitigation Experience Toolkit
-
http://www.microsoft.com/security/pc-security/malware-removal.aspx
Malicious Software Removal Tool
-
http://technet.microsoft.com/security/cc184924.aspx
Microsoft Baseline Security Analyzer
Security Centers
-
http://technet.microsoft.com/security
Security TechCenter
-
http://msdn.microsoft.com/security
Security Developer Center
-
http://www.microsoft.com/security/msrc/default.aspx
Microsoft Security Response Center
-
http://www.microsoft.com/security/portal/
Microsoft Malware Protection Center
-
http://www.microsoft.com/privacy
Microsoft Privacy
-
http://support.microsoft.com/select/default.aspx?target=hub&c1=10750
Microsoft Security Product Solution Centers
Additional Resources
-
http://www.microsoft.com/about/twc/en/us/blogs.aspx
Trustworthy Computing Security and Privacy Blogs
-
http://www.microsoft.com/security/sir
Microsoft Security Intelligence Report
-
http://www.microsoft.com/security/sdl
Microsoft Security Development Lifecycle
-
http://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide
-
http://technet.microsoft.com/security/bb980617.aspx
Security Troubleshooting and Support Resources
-
http://www.microsoft-careers.com/go/Trustworthy-Computing-Jobs/194701/ Trustworthy Computing Careers
microsoft.com/about/twcTrustworthy Computing
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
(c) 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Microsoft respects your privacy. To learn more please read our online
http://go.microsoft.com/fwlink/?LinkId=81184
Privacy Statement .
If you would prefer to no longer receive this newsletter, please
http://pages.email.microsoftemail.com/page.aspx?QS=38dfbe491fab00ea380afe73db21 804e1836ec2291e123ed&emailid=277421&memberid=10030559&jobid=2676516&listid=8857 87&listname=Subscription_10030559_1109&subscriberkey=
lordtime@tds.net&emailaddr =
lordtime@tds.net&subscriberid=328026660
click here .
To set your contact preferences for other Microsoft communications
http://click.email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b 6311d344a0079e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31 618dc832abaeba02aa2e4e965d8d2c8b9ab62f098fb9b896acf91a323dcc1b9b83813d
click here .
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA
---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games
Web-based telnet client
IRC
Email & news access