Hi there! Stanislav Belov is here with the next issue of the Infrastructure + Security: Noteworthy News series! As a reminder, the Noteworthy News series covers various areas, including interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds on a monthly basis. Enjoy!
Azure confidential computing
The Azure team, alongside Microsoft Research, Intel, Windows, and our Developer Tools group, have been working together to bring Trusted Execution Environments (TEEs) such as Intel SGX and Virtualization Based Security (VBS - previously known as Virtual Secure mode) to the cloud. TEEs protect data being processed from access outside the TEE. We're ready to share more details about our confidential cloud vision and the work we've done since the announcement.
The 3 ways Azure improves your security
As we all know, companies worldwide are challenged by the ongoing volume of evolving security threats and with retaining qualified security talent to respond to these threats. In fact, the average large organization gets 17,000 security alerts each week, which results in an average of 99 days to discover security breaches. That contrasts with the less than 48 hours it takes for security breaches to grow from one system compromised into significantly broader issues.
Delegate WMI Access to Domain Controllers
Typically, in the Domain Admins group, you'll see accounts for monitoring, PowerShell queries, etc. Those typically only need WMI access to pull information to monitor/audit. Following the principle of least privilege lets you still give the access needed to watch your infrastructure without the risk that comes with Domain Admins membership.
What's new in the Windows 10 April 2018 Update
With this update, available as a free download today, you get new experiences that help minimize distractions and make the most of every moment by saving you time. Our hope is that you'll have more time to do what matters most to you whether that's to create, play, work, or simply do what you love.
Finally Remove Insecure LDAP and Protect your Credentials with Project VAST
The problem is with how the client asks for the data. Specifically, in how it binds to the DC. Unless you've configured the DC to require signing, many clients are returning unsigned traffic, which is susceptible to replay or attacker-in-the-middle attacks. This may result in nefarious activity, such as modified packets, in which a server or even a person makes decisions based on forged data.
Building a world without passwords
Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that we've been busy at work trying to create a world without them – a world without passwords.
Microsoft Advanced Threat Analytics v1.9 released
We are pleased to announce a new release of Microsoft Advanced Threat Analytics (ATA) version 1.9. This release includes numerous new features and performance enhancements, making it an even more powerful security solution.
.NET Framework May 2018 Security and Quality Rollup
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies.
The end of support (EOS) for SQL Server and Windows Server 2008 and 2008 R2 is approaching rapidly:
July 9, 2019 – SQL Server 2008 and 2008 R2
January 14, 2020 – Windows Server 2008 and 2008 R2
Microsoft Premier Support News
By popular demand from customers who have received the POP-Securing Lateral Account Movement (SLAM) offering, the Onboarding Accelerator – Securing Lateral Account Movement – Premium has now been released. This is a multi-week engagement in which Microsoft Premier Field Engineers support you in increasing your resiliency against critical credential theft attacks by implementing core mitigations into your production environments. Each of the services included in the Premium offering consists of a one-week engagement which matures your overall mitigation defense against the use of lateral account movement as a means of a potentially devastating compromise; together these mitigations result in a defense-in-depth approach. Customers may elect to implement all three services (the Premium offering), any one of the individual services by itself, or any combination of the three.
Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.