Archives
-
Weekend Scripter: Using PowerShell to Replace STSADM
Summary: Learn about a Windows PowerShell script to replace STSADM –o enumallwebs in SharePoint.
-
PowerTip: Get Time Difference between Dates with PowerShell
Summary: Use New-TimeSpan to produce the time difference between two dates.
-
Weekend Scripter: Use PowerShell to Host New Year’s Eve Countdown Clock
Summary: Use [DATETIME] variables and arrays to produce a countdown timer.
-
PowerTip: Use PowerShell to Create Hash Table
Summary: Use a Windows PowerShell cmdlet to create a hash table.
-
Phantom Elements in a Hash Table
Summary: Microsoft PFE and guest blogger, Chris Wu, talks about working with hash tables.
-
PowerTip: Display a Blinking Message by Using PowerShell
Summary: Use this one-line Windows PowerShell command to display a blinking message.
-
PowerShell Report for a Windows Failover Cluster
Summary: Use Windows PowerShell to create a report for a Windows failover cluster.
-
PowerTip: Add Computer to Security Group with PowerShell
Summary: Use Active Directory PowerShell cmdlets to add a computer to a security group.
-
‘Twas the Night Before Scripting: Part 5
Summary: Tonight, our Admin friend learns to migrate group memberships.
-
PowerTip: Show Group Members with PowerShell
Summary: Use Windows PowerShell to get a list of group members in Active Directory.
-
‘Twas the Night Before Scripting: Part 4
Summary: Dr. Scripto shows our Admin friend how to determine which groups a computer is a member of.
-
PowerTip: Create Computer Account in Active Directory with PowerShell
Summary: Use the Active Directory module to create a new computer account.
-
Cmdlets Roasting on an Open Fire
Summary: Are there new cmdlets in the Active Directory PowerShell module in Windows Server 2012 R2?
-
‘Twas the Night Before Scripting: Part 3
Summary: Dr. Scripto teaches our Admin friend how to find cmdlets in a module and get Help.
-
PowerTip: Set Custom Attributes in Active Directory
Summary: Use the Set-ADUser cmdlet to modify custom attributes.
-
‘Twas the Night Before Scripting: Part 2
Summary: Dr. Scripto helps an Admin learn how to easily modify custom attributes in Active Directory.
-
PowerTip: Create a Secure Password with PowerShell
Summary: Use Windows PowerShell to make a plain text entry into a secure password.
-
‘Twas the Night Before Scripting: Part 1
Summary: Dr. Scripto teaches a non-scripting Administrator to easily create users in Active Directory.
-
PowerTip: Debug a Workflow with PowerShell 4.0
Summary: Use Windows PowerShell 4.0 to debug a workflow.
-
Microsoft Security Intelligence Report desktop application updated with over 750 pages of data
A few months ago we launched the Microsoft Security Intelligence Report (SIR) application that was designed to provide customers with an enhanced way to access the vast amount of threat intelligence contained in the SIR. The SIR app makes it easy to find, copy and share data from the Microsoft Security Intelligence Report. The SIR app runs on Windows 7 and Windows 8 based systems.
-
Weekend Reading: Dec. 20th Edition–‘Biggest holiday season yet’ for Windows Phone and Windows Store apps
In this edition of Weekend Reading, we’ve got stories on the momentum building behind Windows Store and Windows Phone Store app downloads, how Bing broke out of the (search) box in 2013 and a Microsoft researcher who uses data to power his predictions.
-
Security Series: Using PowerShell to Enable BYOD–Part 2
Summary: Guest blogger and security expert, Yuri Diogenes, continues his series about enabling BYOD.
-
Microsoft’s Perspective on the NIST Preliminary Cybersecurity Framework: Four Recommendations for the Final Stages of Development
-
PowerTip: Use PowerShell to Discover Console Colors
Summary: Use Windows PowerShell to discover console color assignment.
-
Updates: Coreinfo v3.21, Disk2vhd v2.0, LiveKd v5.31
Coreinfo v3.21: CoreInfo is a command-line tool for reporting processor topology, NUMA performance, and processor features. The v3.21 release adds microcode reporting.
-
Microsoft celebrates 83 retail stores in 2013 with more on the way
The following post is from Jonathan Adashek, General Manager, Communications Strategy, Sales & Marketing Services Group, Microsoft. It was originally published on The Fire Hose.
-
ZeroAccess criminals wave white flag: The impact of partnerships on cybercrime
The following is a post from Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit.
-
Migrating Host-Named Site Collections
Summary: Guest blogger and Microsoft PFE, Chris Weaver, talks about using Windows PowerShell to migrate host-named site collections.
-
Enterprise Threat Encounters: Scenarios and Recommendations – Part 1
Many of the IT Professionals that contact our customer service and support group have common questions related to security incidents and are seeking guidance on how to mitigate threats from determined adversaries. Given the level of interest in this information and common scenarios that exist amongst different organizations, we are publishing a multi-part series which will detail common security incidents organizations face and provide recommended mitigations based on guidance from our Security Support team.
-
PowerTip: PowerShell One-Liner to Find Short Aliases
Summary: Use this Windows PowerShell one-liner to find one-, two-, three-, and four-letter aliases.
-
Store PowerShell Profile on SkyDrive
Summary: Guest blogger, JD Platek, talks about storing the Windows PowerShell profile on SkyDrive.
-
PowerTip: Use PowerShell to List App Background Task Info
Summary: Use Windows PowerShell to list app background task information.
-
Microsoft board of directors update on CEO search
The following post is from John W. Thompson, a member of Microsoft’s board of directors.
-
Former Microsoft executive tapped by White House to run HealthCare.gov site
Kurt DelBene, a former Microsoft executive, has been named senior advisor to the Secretary of Health and Human Services and will lead and manage HealthCare.gov, the federal government’s health insurance website, in his new role.
-
Here are David Rothschild’s data-powered predictions for 2014, from the Super Bowl to Hillary Clinton
-
Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the December 2013 Security Bulletin Webcast Questions & Answers page. We answered 17 questions in total, with the majority of questions focusing on the Graphics Component bulletin (MS13-096), Security Advisory 2915720 and Security Advisory 2905247.
-
Mark your calendars: Announcing Build 2014
The following is a post from Steve Guggenheimer, Microsoft's Corporate Vice President and Chief Evangelist, Developer & Platform Evangelism.
-
Weekend Reading: Dec. 13th Edition – Microsoft introduces the Cloud OS Network
In this edition of Weekend Reading, we’ve got stories on Microsoft’s new Cloud OS Network, Xbox One sales and a gift guide for goodies under 100 bucks to help you get through the holidays.
-
NPD numbers: Xbox One is the fastest-selling console in the US in November
-
Security Professionals: Top Cyber Threat Predictions for 2014
As we near the end of 2013, it’s a perfect time to reflect on recent security events, the state of the industry and provide a glimpse into the future on how we anticipate the threat landscape to evolve in 2014.
-
Service Providers light up the Cloud OS
The following post is from Takeshi Numoto, Corporate Vice President, Cloud and Enterprise Marketing, Microsoft.
-
Microsoft and Dell’s Continued Collaboration on VDI Solutions on Display at Dell World
In October, we announced Windows Server 2012 R2 which delivers several exciting improvements for VDI solutions. Among the benefits, Windows Server 2012 R2 reduces the cost per seat for VDI as well as enhances your end user’s experience. The following are just some of the features and benefits of Windows Server 2012 R2 for VDI:
-
Xbox One sells more than 2 million units in the first 18 days; Sold out at most major retailers
-
First prize for Nobel Media’s scalable and reliable website, run on Windows Azure
-
Omphaloskepsis and the December 2013 Security Update Release
There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast when someone asked the question – “What’s the difference between a security advisory and a security bulletin?” The answer was simple to me, as I’ve been doing this for years, but the question was valid and it reminded me that not every person on the planet knows all of the ins and outs of Update Tuesday.
-
LeWeb’13 and ‘The Next 10 Years’: The digitization of nearly everything
The following post is from Satya Nadella, Executive Vice President, Cloud and Enterprise, Microsoft.
-
Security Advisory 2916652 released, Certificate Trust List updated
Microsoft is updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of a mis-issued third-party digital certificate, which could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this action, customers will automatically be protected against this issue. Additionally, the Enhanced Mitigation Experience Toolkit (EMET) 4.0 and newer versions help mitigate man-in-the-middle attacks by detecting untrusted or improperly issued SSL certificates through the Certificate Trust feature.
-
New security features added to Microsoft accounts
The following post is from Eric Doerr, Group Program Manager, Microsoft Account.
-
Computer Science Education Week begins Monday – Join us in an ‘Hour of Code’
The following post is from Satya Nadella, Executive Vice President, Cloud and Enterprise at Microsoft.
-
Reforming government surveillance
The following post is from Brad Smith, General Counsel and Executive Vice President, Legal & Corporate Affairs, Microsoft. It was originally published on Microsoft on the Issues.
-
Students everywhere count down the hours to ‘Hour of Code’
-
Weekend Reading: Dec. 6th Edition – Microsoft stands up for customer privacy
In this edition of Weekend Reading, we’ve got stories on Microsoft’s role in protecting customer data, how 150,000 students, administrators and staff members in Canada have started using Office 365 and Microsoft Research’s first Artist in Residence.
-
Microsoft, Europol, FBI and industry partners disrupt notorious ZeroAccess botnet that hijacks search results
The following is a post from Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit.
-
Advance Notification Service for December 2013 Security Bulletin Release
Today we’re providing advance notification for the release of 11 bulletins, five Critical and six Important, for December 2013. The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly disclosed issue described in Security Advisory 2896666.
-
Microsoft Disrupts Botnet Hijacking Search Results and Exploiting Search Engines
Today, Microsoft’s Digital Crimes Unit (DCU), in partnership with law enforcement and industry partners, announced the successful disruption of the Sirefef botnet, also known as ZeroAccess. This dangerous botnet is responsible for hijacking people’s search results and taking them to potentially dangerous websites that could install malware onto their computer, steal their personal information, or fraudulently charge businesses for online advertisement clicks. ZeroAccess also commits click fraud. According to the latest Microsoft Security Intelligence Report, by the end of 2012, malicious or compromised websites had emerged to become the top threats facing enterprises as well as consumers. This botnet specifically targets search results on the major online search and advertising platforms including Google, Bing and Yahoo!, and is estimated to cost online advertisers $2.7 million each month.
-
Protecting customer data from government snooping
The following post is from Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft.
-
Windows Azure Services coming to Brazil
On Wednesday, Microsoft announced it will invest in the development of a new Windows Azure region in Brazil. The investment represents an important step in the company’s cloud expansion strategy and its commitment to the country and Latin America.
-
Office 365 makes the grade with Canada’s second-largest public school system
On Wednesday, Microsoft announced that Canada’s second-largest public school board – the Peel District School Board – has deployed Microsoft Office 365 to more than 150,000 students, administrators and staff members.
-
NORAD Tracks Santa project goes 3D, touch-device optimized with some help from Microsoft
The following post is from Roger Capriotti, senior director of product marketing, Microsoft. It was originally published on The Fire Hose.
-
See the most popular Bing searches of 2013
-
Microsoft Releases Security Advisory 2914486
Today we released Security Advisory 2914486 regarding a local elevation of privilege (EoP) issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue. A member of the Microsoft Active Protections Program (MAPP) found this issue being used on systems compromised by a third-party remote code execution vulnerability. These limited, targeted attacks require users to open a malicious PDF file. The issues described by the advisory cannot be used to gain access to a remote system alone.
-
Security and policy surrounding bring your own devices (BYOD)
As the proliferation of devices continues to capture the imagination of consumers, and has ignited what is referred to as bring your own device (BYOD) revolution, many IT departments across the globe are now facing increased security considerations. While organizations encourage BYOD for cost savings and productivity, it is also important to have robust security policies supporting BYOD.
-
Download Windows Server 2012 R2 and Get Free Training on the New Capabilities from MVA
As announced on the Windows Server blog last month, the team has released Windows Server 2012 R2 for General Availability. Download the Windows Server 2012 R2 evaluation or use our free Windows Server 2012 R2 Virtual Labs to test the product online without installation. Then, learn directly from Microsoft's product experts with a series of new Windows Server 2012 R2 courses on Microsoft Virtual Academy: View all of the latest courses on Windows Server 2012 on the MVA Windows Server Topic Page.
-
Gobble gobble! 8 apps you need to make it through Thanksgiving!
-
Microsoft Cybersecurity Report: Top 10 Most Wanted Enterprise Threats
In my travels abroad over the years, I have had the great opportunity to meet with many enterprise customers to discuss the evolving threat landscape. In addition to helping inform customers, these meetings have provided me with an opportunity to learn more about how customers are managing risk within their environments. Many of these customers are interested in learning about the top threats found in enterprise environments. Visibility into what threats are most common in enterprise environments helps organizations assess their current security posture and better prioritize their security investments. Given the high level of interest in this information, I thought it would be helpful to take a close look at the top 10 threats facing enterprise customers based on new intelligence from the latest Microsoft Security Intelligence Report (SIRv15).
-
The R2 is available at Tech Showcase!
Windows Server 2012 R2 is available at Tech Showcase. The new R2 offers exciting features and enhancements across virtualization, storage, networking, virtual desktop infrastructure, access and information protection, and more. Attend a Microsoft Tech Showcase event and explore what R2 has to offer you and your organization. Register at http://aka.ms/Yclp43

Tech Showcase events, hosted by Microsoft Learning Partners, are intended for senior technical experts and IT professionals. Attend an event to review new, breakthrough features and capabilities important to you as an IT Professional. Plan ahead and help you and your team get skilled and ready for the latest Windows release.
-
Ransomware is on the Rise, Especially in Europe
The recently published Microsoft Security Intelligence Report (SIRv15) contains a section on ransomware. Ransomware is a type of malware that is designed to render a computer or its files unusable until the computer user pays the demanded amount of money to the attacker. It often masquerades as an official-looking warning from a well-known law enforcement agency, such as the US Federal Bureau of Investigation (FBI) or the Metropolitan Police Service of London. Some examples are provided in Figure 1.
-
MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page. The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest.
-
EMET 4.1 Released
One of the tools I get asked most about when I’m with customers is the Enhanced Mitigation Experience Toolkit (EMET). EMET is a free mitigation tool designed to help IT Professionals and developers prevent vulnerabilities in software from being successfully exploited. The tool works by protecting applications via the latest security mitigation technologies built into Windows, even in cases where the developer of the application didn’t opt to do this themselves. By doing so, it enables a wide variety of software to be made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied.
-
The Threat Landscape in South America: Chile and Colombia
In this fourth and final part of our series on the threat landscape in South America, we examine threats in Chile and then Colombia. As illustrated in Figure 1, both of these regions have had periods where their malware infection rates were above the worldwide average, and have more recently trended down.
-
Authenticity and the November 2013 Security Updates
If you haven't had a chance to see the movie Gravity, I highly recommend you take the time to check it out. The plot moves a bit slowly at times, but director Alfonso Cuaron's portrayal of zero gravity is worth the ticket price alone. Add in stellar acting and you end up with an epic movie that really makes you miss the shuttle program. Still, the movie has its detractors. Specifically, astrophysicist and geek icon Neil deGrasse Tyson has been critical about the movie's authenticity. To deGrasse Tyson, a lack of authenticity disrupts the movie-going experience.
Similarly, a lack of authenticity can disrupt your computing experience, which leads me to a couple of interesting items in this month's release. Two advisories this month deal with authenticity by focusing on certificates and cryptography. The first is Security Advisory 286725, which disables the use of the RC4 stream cipher. As computing power increases, cryptographic attacks that were once only theoretical become practical - this is the case with RC4, which was originally designed in 1987. That's the same year The Simpsons first appeared as shorts on The Tracey Ullman Show. Computing has changed somewhat in that time.
We've already taken this step in Windows 8.1 and Internet Explorer 11, and now we're providing an update to disable its use in other operating systems as well. Rather than automatically disable the cipher, the update provides a registry key that allows developers to eliminate RC4 as an available cipher in their applications. The SRD blog provides a deep dive into RC4 and the implications of disabling it.
Security Advisory 2880823 also impacts cryptography and authenticity but addresses SHA1. We aren't going to surprise the world by saying we're turning off support for SHA1 today, but we are announcing a new policy for Certificate Authorities (CAs) that deprecates the use of the SHA1 algorithm in SSL and code signing certificates in favor of the SHA2 algorithm. After January 2016, only SHA2 certificates can be issued. The good folks over on the PKI blog go into more detail about the change.
We have an update regarding a cryptographic function as well: MS13-095 addresses an issue in Digital Signatures that could cause a web service to stop responding if it receives a specially crafted X.509 certificate. Since these certificates are used to ensure authenticity, having the web service go down during negotiation is suboptimal.
Of course, another way to help ensure authenticity throughout your computing experience is to use EMET. An updated version of the program is available today. Of the many improvements, there is an update to the default settings that includes two new application protection profiles for applications. There's also an update for the Certificate Trust profile that offers more applications protection. Full details about this release can be found on the SRD blog. It may not patch any holes, but it can make it harder to reach any issue that may exist on a system and, if your family is like mine, it will significantly reduce calls from relatives looking for tech support.
Of course it takes more than just authenticity to make a secure computing experience, which leads us to the other updates for November. Today, we released eight bulletins, three Critical and five Important, addressing 19 unique CVEs in Microsoft Windows, Internet Explorer, and Office. For those who need to prioritize their deployment planning we recommend focusing on MS13-090, MS13-088, and MS13-089.
Our Bulletin Deployment Priority graph provides an overview of this month's priority releases.
MS13-090 | Cumulative Security Update of Active X Kill Bits
This update addresses a remote code execution issue in an ActiveX control by providing a kill bit for associated ActiveX controls. We are aware of limited attacks that exploit this issue. The code execution occurs at the level of the logged-on user, so non-admin users would face less of an impact. The remote code execution vulnerability with the higher severity rating is fixed in today's release, and we advise customers to prioritize the deployment of MS13-090 for their monthly release. As usual, customers with Automatic Updates enabled will not need to take any action to receive the update. Additional information about this vulnerability is available on the Security Research & Defense blog.
MS13-088 | Cumulative Update for Internet Explorer
This security update resolves ten privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user.
MS13-089 | Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution
This update addresses one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views or opens a specially crafted Windows Write file in WordPad. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
Last but not least, we are also providing an update for users of DirectAccess (DA) through Security Advisory 2862152. This security feature bypass issue would require a man-in-the-middle attacker to be successful, but if someone can snoop on your DA connection, it's possible they could impersonate a legitimate DA server in order to establish connections with legitimate DA clients. The attacker-controlled system could then intercept the target user's network traffic and potentially determine the encrypted domain credentials. This update, along with the new configuration guidelines available in KB2862152, helps ensure the authenticity of DA connections.
Watch the bulletin overview video below for a brief summary of today's releases.
Our risk and impact graph shows an aggregate view of this month's Security and Exploitability Index.
For more information about this month's security updates, including the detailed view of the Exploit Index broken down by CVE, visit the Microsoft Bulletin Summary Webpage.
Jonathan Ness and I will host the monthly bulletin webcast, scheduled for Wednesday, November 13, 2013, at 11 a.m. PST. I invite you to register here and tune in to learn more about this month's security bulletins and advisories. We'll provide authentic answers to your update deployment questions, but no zero gravity effects will be employed.
For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.
I look forward to hearing your questions in the webcast tomorrow.
Thanks,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing
-
ActiveX Control issue being addressed in Update Tuesday
Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publicly disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS). The security update will be distributed to customers tomorrow via Windows Update at approximately 10:00 AM PDT. Customers who have Automatic Updates enabled will not need to take any action to receive the update.
-
The Threat Landscape in South America: Argentina and Uruguay
In this third part of our series on the threat landscape in South America, we examine threats in Argentina and Uruguay. Of the locations represented in Figure 1, Argentina and Uruguay are among the locations with the lowest malware infection rates in South America.
-
Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release
Today, we’re providing advance notification for the release of eight bulletins, three Critical and five Important, for November 2013. The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows, and the Important updates address issues in Windows and Office.
-
The Threat Landscape in South America: Examining Brazil’s Dramatic Improvement
This article, part 2 of a series on the threat landscape in South America, focuses on Brazil. Brazil has had one of the most active threat landscapes in the world for many years. As seen in Figure 1, in the first quarter of 2011 (1Q11), Brazil’s infection rate (19.18) was over double that of the worldwide average (8.65). But Brazil’s infection rate dramatically improved over the following nine quarters, ending the second quarter of 2013 (2Q13) at 6.7 compared to the worldwide average of 5.8.
-
Maslow and Malware: Developing a Hierarchy of Needs for Cybersecurity
Posted by: Kevin Sullivan, Principal Security Strategist, Trustworthy Computing
-
The Threat Landscape in South America
One region of the world I haven’t written extensively about before is South America. Recently I had the opportunity to visit a couple of countries in South America to visit customers and discuss the threats they see in their environments. This is part 1 in a series of articles that will focus on threats found in several locations including Argentina, Brazil, Chile, Colombia and Uruguay. All of these articles are based on new data published in the Microsoft Security Intelligence Report volume 15 and previous volumes.
-
Microsoft Releases Security Advisory 2896666
Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asia. The current versions of Microsoft Windows and Office are not affected by this issue. The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment. If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document. An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.
While we are actively working to develop a security update to address this issue, we encourage our customers concerned with the risk associated with this vulnerability to deploy the following Fix it from the advisory:
-
The Threat Landscape in the European Union at RSA Conference Europe 2013
We had the opportunity to present new findings from the Microsoft Security Intelligence Report volume 15 at RSA Conference Europe last week in Amsterdam. Jeff Jones and I presented some of the new data from the report.
-
Observations from the FedRAMP Certification Process
Posted by Scott Charney, Corporate Vice President, Trustworthy Computing, Microsoft
-
Updates: RAMMap v1.32, Sigcheck v2.01
RAMMap v1.32: This fixes a bug in v1.30 that caused RAMMap to fail on Windows 8.
-
Microsoft hosts cybersecurity and privacy professionals for discussion about the Cybersecurity Framework
Last week, Microsoft’s Innovation & Policy Center in Washington, D.C. convened a distinguished group of cybersecurity and privacy professionals from across industry sectors for a panel discussion about the forthcoming Cybersecurity Framework, expected from the National Institute of Standards and Technology (NIST) in February 2014, and its implications for critical infrastructure organizations.
-
Microsoft Security Intelligence Report Volume 15 Now Available!
This morning, at the RSA Europe conference, Mike Reavey, General Manager for Trustworthy Computing delivered a keynote in which he announced the release of the Microsoft Security Intelligence Report volume 15 (SIRv15). The Microsoft Security Intelligence Report is the most comprehensive cybersecurity threat intelligence report in the industry that analyzes and provides in-depth perspectives on exploits, vulnerabilities, and malware for more than 100 countries/regions worldwide. It is designed to provide prescriptive guidance which can help our customers manage risk and protect their assets.
-
Update: RAMMap v1.31
RAMMap v1.31: This update fixes a bug in v1.30 that caused RAMMap to fail on Windows 8.
-
Introduction: Chris Betz, new head of MSRC
By way of introduction, I am Chris Betz, the leader of the Microsoft Security Response Center (MSRC). I’m stepping in to fill the shoes of Mike Reavey, who has moved on to become the General Manager of Secure Operations, still within Trustworthy Computing.
-
Updates: PsExec v2.0, RAMMap v1.3, Sigcheck v2.0
PsExec v2.0: PsExec, a popular utility for executing processes on remote systems, introduces a new option, -r, that specifies the name PsExec assigns to its remote service. This can improve performance when multiple users are interacting concurrently with a system, since each will have a dedicated PsExec service.
-
Advancing the Discussion on Cybersecurity Norms
Posted by Matt Thomlinson, general manager, Trustworthy Computing
-
Announcing the General Availability of Windows Server 2012 R2: The Heart of Cloud OS
For years now, Microsoft has been building and operating some of the largest cloud applications in the world. The expertise culled from these experiences along with our established history of delivering market-leading enterprise operating systems, platforms, and applications has led us to develop a new approach for the modern era: the Microsoft Cloud OS.
-
The Threat Landscape in Canada
Last week I had the opportunity to speak at the Security Education Conference Toronto 2013 (SECTor). I love Canada; Toronto is an amazing city, and the conference was excellent.
-
10 years of Update Tuesdays
On October 1, 2003, Microsoft announced it would move to a monthly security bulletin cadence. Today marks 10 years since that first monthly security update. We looked at many ways to improve our security preparedness and patch timing was the number one customer request. Your feedback was clear and we delivered a predictable schedule.
-
October 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the October 2013 Security Bulletin Webcast Questions & Answers page. We fielded 11 questions during the webcast, with specific bulletin questions focusing primarily on the SharePoint (MS13-084) and Kernel-Mode Drivers (MS13-081) bulletins. There was one additional question that we were unable to answer on air, and we have included a response to that question on the Q&A page.
-
The October 2013 security updates
This month we release eight bulletins – four Critical and four Important - which address 25* unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083.
-
An update on the bounty programs
Back in June of this year, we announced three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses and for vulnerabilities in Internet Explorer 11 Preview. This past Friday, we provided some additional details about the results of the IE11 Preview bounty program, which covered the first 30 days of the preview period. Today, we are announcing James Forshaw, a security researcher with Context Information Security, has been awarded the first Mitigation Bypass Bounty, which comes with a prize of $100,000.00. As a reminder, this is an ongoing program, so if you are interested in participating, check out all the details here.
-
Strengthening Cybersecurity Through National Strategies: Foundations for Security, Growth, and Innovation
Information and Communications Technology (ICT) offers great benefits for states and their citizens alike—increased efficiency and transparency in government, improvements in civil society, and it has become a major driver of economic growth. Yet along with these benefits have come new threats, including cybercrime such as identity theft and fraud, politically motivated attackers who threaten critical infrastructure, and sophisticated economic and military espionage. A series of recent cyberattacks have disrupted the critical operations of major energy and financial companies. These developments, and others, have made cybersecurity a top priority for governments around the world,
-
EMC Support for the SMB 3.0 Protocol – the Future of Storage Protocols
One of the key issues this blog has covered recently is the transformation of storage. Microsoft is focused on helping customers control the costs of storage, whether by using industry-standard hardware or simplifying existing hardware infrastructure. To that end we have made significant investments in the SMB 3.0 protocol for file-based storage. This helps customers use existing network infrastructure to achieve Fibre Channel-like performance, regardless of the underlying storage subsystem.
-
Advance Notification Service for October 2013 Security Bulletin Release
Today we’re providing advance notification for the release of eight bulletins, four Critical and four Important, for October 2013. The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update which will address the publicly disclosed issue described in Security Advisory 2887505.
-
Examining Korea’s Rollercoaster Threat Landscape
The last time I wrote about the threat landscape in the Republic of Korea, its malware infection rate had increased six-fold in the first six months of 2012. Korea has had one of the most active threat landscapes in the world for many years. According to the latest data published in the Microsoft Security Intelligence Report Volume 14, the last half of 2012 was no different. Figure 1 provides the raw number of systems that were disinfected in Korea and other relatively active locations in each of the four quarters of 2012.
-
Microsoft Releases Security Advisory 2887505
Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message. Running modern versions of Internet Explorer ensures that customers receive the benefit of additional security features that can help prevent successful attacks.
While we are actively working to develop a security update to address this issue, we encourage Internet Explorer customers concerned with the risk associated with this vulnerability, to deploy the following workarounds and mitigations from the advisory:
-
Financial Services: A Survey of the State of Secure Application Development Processes
The financial services industry is one of the world’s largest industries by monetary value, and an industry which has a direct impact on the lives of billions of people around the world. Organizations in the financial services industry handle trillions of transactions each year involving sensitive information about individuals, companies, and other third parties. To help protect this sensitive information it is important that financial services organizations are developing, procuring, and using software applications that have been developed with security in mind.
-
September 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the September 2013 Security Bulletin Webcast Questions & Answers page. The majority of questions focused on Office bulletins, especially SharePoint Server (MS13-067). We received multiple Office related questions that were very similar in nature, so the questions have been merged, as applicable, with consolidated answers provided. We were able to answer six questions on air, and those we did not have time for have been included on the Q&A page.
-
Lovely tokens and the September 2013 security updates
Helen Hunt Jackson famously wrote, “By all lovely tokens September is here, with summer’s best of weather and autumn’s best of cheer.” I share Helen’s clear adoration for this time of year. As a sports fan, there are so many “lovely tokens” to enjoy. The baseball pennant race is heating up, college and pro football are underway, and various soccer leagues (real football to the rest of the world) continue. As a parent, there are the “lovely tokens” of my kids returning to school, which brings a reminder of summer’s passing and excitement for another year of learning, growing, and adjusting to a new routine. For me, the routine is set: the second Tuesday of the month is here and with it comes a round of “lovely tokens” to help protect our customers.
-
Attention TechNet and MSDN Subscribers: Windows Server 2012 R2 available for download today
Hi, all,
-
Windows Server 2012 RTM Now Available for MSDN and TechNet Subscribers
You asked, we delivered. As announced on Steve Guggenheimer's blog, and Microsoft VP Brad Anderson’s blog post, “Ready Now for TNS & MSDN: Download Windows Server 2012 R2”, the Released to Manufacturing (RTM) bits for Windows 8.1 and Windows Server 2012 R2 are now available for download to current MSDN and TechNet subscribers.
-
CISO Perspectives on Compliance in the Cloud
Regulatory compliance is a hot topic among many of the customers I talk to. Of particular interest is compliance as it relates to the cloud. It is a challenging topic and there are many regulations that Chief Information Security Officers (CISOs) need to be aware of and adhere to and these can vary significantly by industry and location.
-
Happy Birthday Windows Server 2012 – What Superhero Is it?
Birthdays are always special and we wanted to take this moment to celebrate the birthday of a special product. This week we are celebrating the birthday of Windows Server 2012. The product has done really well in the market and has super human strength. So here’s a question for you, “If Windows Server 2012 were a superhero, who would it be?”
-
Advance Notification Service for September 2013 Security Bulletin Release
In celebration of kids heading back to school, today we’re providing advance notification for the release of 14 bulletins, four Critical and 10 Important, for September 2013. The Critical updates address issues in Internet Explorer, Outlook, SharePoint and Windows.
-
CISO Perspectives on Risk
Many of the Chief Information Security Officers (CISOs) and security executives that I talk to tell me that they are always craving information. It always seems as though while some parts of their job responsibilities are under control, they think that other areas need more of their attention or could be more efficiently managed. Since they typically have limited time, limited information and limited resources, they look for sources of information that are tailored for their specific needs, making the information easy to consume and highly valuable. One such source of information for security executives is… other security executives. Most, if not all of the CISOs that I talk to, rely on other security executives in the industry to provide insights into topics they are interested in. When they can get valuable information and advice on an important topic from someone doing a similar job in another organization, they typically are willing to listen and engage.
-
The Hybrid Cloud Storage Transformation
A frustrating reality for IT leaders is that their teams continue to struggle with the complications of data growth even though they spend more money on storage every year. It’s not surprising that IT leaders are looking for new storage architectures to help them solve their scalability problems and reduce their costs. A post to this blog in June briefly discussed the problems customers are having with data growth and mentioned how a StorSimple Cloud-integrated Storage system could be used to alleviate them. This post expands on that conversation and introduces the Microsoft hybrid cloud storage solution.
-
Planes, trucks and frozen custard - The Hyper-V Team at VMworld 2013
By now, readers of this blog may have already heard of our presence at VMworld in San Francisco this week. As you can imagine, planning a “guerrilla” activity is never a trivial task, and making it happen requires a lot of hard work behind the scenes. Therefore, I was feeling pretty pleased with what our team had managed to organize as I boarded my flight for San Francisco early Monday morning. Add to this the fact that I was visiting the Bay Area, a place that I called home for seven memorable years – I was really looking forward to the trip.
-
Announcing the Winners of the Cybersecurity 2020 Student Essay Contest
In June, we concluded our Cybersecurity 2020 Student Essay Contest in which we sought original research on how to measure the security impact of policies around the world. Government policy makers around the world struggle with crafting effective policy to reduce cybersecurity risks in the midst of tremendous change in the cyber ecosystem. These developments led us to seek out novel analyses from future cybersecurity thought leaders.
-
Get the “Scoop” on Hyper-V during VMworld
VMworld kicks off this week in San Francisco. I happen to know a few loyal VMware IT professionals, and the event is clearly a very exciting time of the year for them - an opportunity to meet other fellow enthusiasts, as well as to learn more about new releases from VMware. But I wonder if they would ever expect to learn more about Microsoft technologies such as Hyper-V and System Center while attending the event. Well, that’s what we’re going to make happen this year, albeit a little creatively.
-
Making Sense from Snowden: What’s Significant in the NSA Surveillance Revelations
I do not want to comment on this but it is a fairly interesting article on Snowden's Revelations, the consequences and the legal frameworks.
-
Careful, when Microsoft Support is calling
I guess you are aware of the phone scams, when Microsoft support is calling you to tell you that you have an issue on your computer, which needs to be fixed. A Norwegian team was actually able to film that. The whole conversation with the "supporter" is in English (the rest in Norwegian) and is definitely worth looking at - The article (in Norwegian but Bing Translator helps) can be found here: Her prøver Windows-svindlerne å lure kredittkortet fra oss
-
August 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the August 2013 Security Bulletin Webcast Questions & Answers page. We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Exchange Server (MS13-061) and Windows Kernel (MS13-063). There were 3 additional questions during the webcast that we were unable to answer on air, and we have also answered those on the Q&A page.
-
Windows XP: The world after April 8, 2014
To be clear upfront: After support for Windows XP ends, the world will still exist – at least I hope. However, over the course of the last few months I read numerous articles with speculations about what is going to happen once we stop support of Windows XP. The key problem is that we do not know at all – there is no precedent. When Windows 2000 went out of support, there were far fewer systems still in use. This is a huge challenge with Windows XP.
-
Windows Server 2012 R2 Available October 18th
Today we are pleased to make several important announcements. We are extremely excited that on October 18th, eligible customers will be able to download Windows Server 2012 R2, System Center 2012 R2, and use the latest update to Windows Intune. Also on October 18th, Windows 8.1 will be available to consumers and businesses worldwide. To find out more about this announcement, see Microsoft Vice President, Brad Anderson's blog, "Mark Your Calendars for October 18th, the R2 Wave is Coming". While you’re there, be sure to also check out his special series on “What’s New in 2012 R2” for a deep dive on all the new innovations to expect in the R2 wave of products.
-
Leaving Las Vegas and the August 2013 security updates
Two weeks ago I, along with 7,500 of my closest friends, attended the Black Hat security conference in Las Vegas, NV. I can’t speak for everyone, but I certainly had a great – if not exhausting – time while there. While there were a lot of great talks, a personal highlight for me each year is the chance to meet and talk with the various people who attend. It was even more fun for me this time around, as we had some great new programs here at Microsoft to talk about.
-
Advance Notification Service for August 2013 Security Bulletin Release
Today we’re providing advance notification for the release of eight bulletins, three Critical and five Important, for August 2013. The Critical updates address vulnerabilities in Microsoft Windows, Internet Explorer and Exchange.
-
New Windows Server 2012 R2 Innovations – Download Now
Windows Server 2012 R2 is in preview right now and ready for your evaluation. We have been rolling out detailed information on our Cloud OS vision through Brad Anderson’s What’s New in 2012 R2 blog series. That will continue but we thought you would like a short consolidated list for consideration. Here are some key innovations in Windows Server 2012 R2.
-
Autoruns v11.70, Bginfo v4.20, Disk2vhd v1.64, Process Explorer v15.40
Autoruns v11.70: This release of Autoruns, a powerful utility for scanning and disabling autostart code, adds a new option to have it show only per-user locations, something that is useful when analyzing the autostarts of different accounts than the one that Autoruns is running under.
-
Are you prepared for the BlueHat Challenge?
Today we are kicking off a new challenge so you can showcase your security prowess and, if we can, help you build some more. Our BlueHat Challenge is a series of computer security questions, which increase in difficulty as you progress. Only the rare and talented engineer will be able to finish the Challenge on the first attempt. It’s not a contest, so there’s no cash involved here, but there will be some great answers we’ll recognize publicly and you could win yourself a big chunk of bragging rights. You can find complete details about this new program over on the Security Research & Defense blog.
-
Software Defined Networking (SDN): Double-Clicking into our Point of View
A couple of weeks ago we spoke about our approach to Software Defined Networking (SDN) - an approach that is open and extensible, driven by experience and most importantly, one that lets you leverage your existing investments.
-
Microsoft Presents “Enabling Consumerization without Compromising Compliance” at BriForum this Week
BriForum kicks off today in Chicago. BriForum 2013 is the only technical virtualization conference that is 100% dedicated to desktop virtualization, VDI, application virtualization, Remote Desktop Services, and the consumerization of IT.
-
What’s New in Windows Server 2012 R2 – End-to-End Scenarios Across Products
Although People-centric IT capabilities are great on Windows devices, these capabilities are not limited to Windows devices. We also put a lot of work into enabling first class support for heterogeneous devices in our People Centric IT capabilities. Putting users at the center of what we do includes enabling a broad set of devices. Active Directory is a core service enabling this and other scenarios.
-
I want you to go read the In the Cloud Blog
I am channeling my early days living and breathing as a U.S. Army Officer. I can't be any more clear about what I am asking you to do. So, here is your mission:
-
Getting Started with PowerShell 3.0 Jump Start
Don’t miss this opportunity; get your staff together and learn about PowerShell right from the source! Join Jeffrey Snover, the inventor of PowerShell, together with Jason Helmick, Senior Technologist at Concentrated Technology, as they take you through the ins and outs of using PowerShell for real-time problem solutions and automations. This will be a high-speed, fun day aimed at IT pros, admins, and help desk persons who want to know how to use this powerful management tool to improve your management capabilities, automate redundant tasks and manage your environment in scale. It’ll prepare you for a second event on August 1, which will go further into scripting, automation, and building tools (cmdlets).
-
Update: Autoruns v11.62
Autoruns v11.62: This release fixes a bug in version 11.61’s jump-to-image functionality.
-
Bring Your Own Device (BYOD) – New Windows Server 2012 R2 Device Access and Information Protection
As you will have seen at Microsoft TechEd North America and Europe, we have just delivered the Preview Release of Windows Server 2012 R2 with a stunning amount of new capability that is Cloud First.
-
Unique in the Crowd – False sense of Privacy
This morning, I was reading a very interesting article called Unique in the Crowd: The privacy bounds of human mobility. This is the abstract:
-
Transforming your Datacenter with Software-Defined Networking (SDN): Part II
A couple of weeks ago, we addressed how Microsoft’s Software-Defined Networking solutions can help you transform your datacenter. For those of us who prefer to learn visually, the video below illustrates our approach.
-
Storage Transformation for your Datacenter
A few weeks ago, we addressed storage transformation in this blog – and how onsite storage, cloud storage, and recovery options are evolving. Below is a brief video overview of some of our key storage solutions. In this post, we will explore how storage is changing inside your datacenter, and how we transform industry standard disks into reliable, high-performance onsite storage for your datacenter.
-
Microsoft Windows Server 2012 R2 Preview is Now Available for Download
Today at TechEd Europe 2013 we announced availability of the System Center 2012 R2 and Windows Server 2012 R2 previews. You can download these products right now from the evaluation center.
-
Updates: Mark's TechEd Sessions, Autoruns v11.61, Strings v2.52, ZoomIt v4.5
Mark’s TechEd Sessions Available On-Demand: Mark delivered four top-rated sessions at Microsoft’s TechEd US conference two weeks ago, and the recordings are available now for on-demand viewing. In Windows Azure Infrastructure Services, he gives an overview of the deployment and operation of Virtual Machines and Virtual Networks; in Windows Azure Internals Mark goes under the hood of Windows Azure to show its physical and logical datacenter architecture and operation; in Case of the Unexplained you’ll see how to use the Sysinternals tools to solve impossible problems; and in Malware Hunting with the Sysinternals Tools you’ll learn how to use Sysinternals tools to identify and clean malware infestations.
-
Targeted Attacks – a Video Series
Trustworthy Computing in partnership with Microsoft IT, Microsoft Consulting and the product groups just released a series of videos on targeted attacks and how to defend.
-
Hyper-V Surge! June 30 Deadline is Coming Fast – Microsoft Partners Act Now!
We wanted to make sure and remind the Microsoft Partner community that the Hyper-V Surge! program is happening right now. This incentive program is for a limited time so don’t be late. If you are wondering what the “Hyper-V Surge!” promotion is, here’s a great description:
-
GP MVP Activity
We already talked about Darren's tool to investigate Group Policy performance, so here's what some other GP MVPs are up to:
-
Transforming your Datacenter with Software-Defined Networking (SDN): Part I
With server virtualization, you are able to decouple a compute instance from the underlying hardware. That enables you to pool compute resources for greater flexibility. However, to truly transform your datacenter, you’ve also got to deliver your storage, compute, and networking resources as a shared, elastic resource pool for on-demand delivery of datacenter capacity. Indeed, this datacenter-level abstraction is a critical part of Microsoft’s Cloud OS vision.
-
Storage Transformation
Organizations face many challenges when it comes to storage. Data volumes are exploding, increasing the cost of storage and the headaches of storage management. The rise of Big Data analytics means more data is being collected and mined than ever before – 90% of the world’s data has been created in the last two years. Enterprise data is expanding at 20% per year or more.
-
Updates: Autoruns v11.6, Procexp v15.31, Procmon v3.05, Sigcheck v1.92
Autoruns v11.6: Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points. This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output.
-
Are we sitting on a time bomb?
I just read another of these studies: Enterprises sitting on security time bomb as office workers compromise company data. Let's briefly look at the findings first:
-
The Moscow Rules in the Cyberspace
Doing your basics is a natural given, when you defend your assets. Basics like updating your computers, staying on latest versions, dynamic network zones, incident response, identity management, monitoring etc. etc. – last but not least (or probably first :-)) is to know your assets and have your data classified so that you understand, which part of your business needs which level of protection.
-
Group Policy and Logon Impact
You can make decisions as you design and deploy your Group Policy Objects (GPOs) that will have an impact on how quickly your Windows desktops start and become usable to your users. Some of these decisions are obvious, while many are not. This post will guide you through some of the ways Group Policy can impact performance as well as some of the improvements we made for Windows 8.
-
Enabling the Hybrid Cloud with Microsoft Technology
When I talk with customers about the Cloud, we always talk about a few key themes:
-
Updates: Accesschk v5.11, Procdump v6.0, RAMMap v1.22, Strings v2.51
AccessChk v5.11: AccessChk, a command line utility for dumping the effective permissions and security descriptors for files, registry keys, processes, tokens, object manager objects, now prefixes Windows 8 application container SIDs with the word “Package”, and includes several minor bug fixes.
-
Is there a future for Product Certifications?
Often, when I talk to customers, product certification is one of the key themes they want to address. Especially they want to know about our commitment to Common Criteria and whether our products are certified. Typically we certify an operating system on Common Criteria EAL 4+ - the highest level, which seems achievable for multi-purpose operating systems. However, personally I do not think that product certifications are the future for different reasons:
-
Will the user define security policies in the future?
I think, I blogged about this event already earlier: Years ago I was meeting a customer and was talking about the future of IT. I was telling the audience (about 10 people including the Security Officer) that there is a good chance that IT will not define a set of hardware anymore but that the user will buy their own and use it for business. Additionally, different people have different needs and my notebook is setup differently than a lot of others within Microsoft's internal network – just because I have different needs and I use one piece of hardware for private and business. Actually in my case, it is even my own hardware. Back then at this point the CSO left the room complaining that I am completely nuts.
-
Some Windows XP Users Can't Afford To Upgrade
I just read a post on slashdot:
-
Microsoft Account: Enable Two-Step Verification
We could even talk about two-factor authentication in my opinion. The idea is that whenever you log on from an untrusted PC, you will be asked to use a second factor (or step). In my case, which I show below, I use the Authenticator app on my phone, which is similar to an RSA SecurID.
-
Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0
Autoruns v11.5: This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory.
-
Internet Accessible SCADA Systems
This is a fairly scary view of the world…. Freie Universität Freiburg mapped the Internet accessible SCADA systems. Have a look on your own: https://www.scadacs.org/projects.html
-
Cyber Espionage and Targeted Attacks
This morning I read an article on Infoworld: Why you should care about cyber espionage which – to me – is a strange question. First of all, most companies have to protect some sort of intellectual property. It is not new for the Internet, that state-driven espionage not only targets state's secrets but industrial espionage as well. Therefore Cyber Espionage as it is in no way different than any other espionage. Did you care about losing your intellectual property 20 years ago? Better care about it today as well.
-
Updates: Pendmoves v1.2, Process Explorer v15.3, Sigcheck v1.91, Zoomit v4.42
Pendmoves v1.2: This update to Pendmoves adds support for 64-bit directories.
-
The Challenge of Patch Management
Depending on where I travel and with which customers I talk, patch management is still the number 1 issue coming up. Not only is the challenge to deploy the updates – much worse, there is still an awareness issue in a lot of markets. People know that they should patch but too often do not do it – and if they do, well, there is no real process attached to it. Additionally, one of the issues I often raise publicly is that a lot of companies still focus on Microsoft products "only". I basically like it, when they keep "our" part of the infrastructure current but there is a lot more…
-
Update: Autoruns v11.42
Autoruns v11.42: This release fixes a bug in the parsing of network file paths introduced in v11.41.
-
Try Office 365 Home Premium
Today is the day we launched Office 2013 officially to the broad market. This is a real cool step forward you should look at:
-
Updates: Autoruns v11.41, Handle v3.51, Movefile v1.01, Procdump v5.13, Sigcheck v1.9
Autoruns v11.41: This Autoruns update reports the hosting image target of link shortcut references.
-
Security in 2013 – the way forward?
Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune teller :-). But there are things we know and things we definitely need to drive this year. I would actually put it into the context of typical hygiene of any IT environment.
-
An Attack via VPN – Really?
I was just made aware of a case study, which is a really interesting "attack" on a US company via VPN. It is sometimes not like it seems…
-
The Directory in the Cloud?
It seems that it is an eternity ago – and it is. Pretty much three years ago, Doug Cavit and I published a paper called the Cloud Computing Security Considerations. Even though it is three years, the paper is still worth reading as the content still applies. What we basically said was that if you look at the Cloud, there are five areas of Considerations:
-
Updates: Autoruns v11.4, ProcDump v5.12, SDelete v1.61
Autoruns v11.4: Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug.
-
New book on Direct Access
A lot of customers are asking us about Direct Access and how you can implement it. Erez Ben Ari (a Senior Support Escalation Engineer at Microsoft) and Bala Natarajan (a Program Manager in our Windows division) wrote a book on that called Windows Server 2012 Unified Remote Access Planning and Deployment. This is the abstract:
-
Hunting Down and Killing Ransomware
Scareware, a type of malware that mimics antimalware software, has been around for a decade and shows no sign of going away. The goal of scareware is to fool a user into thinking that their computer is heavily infected with malware and the most convenient...