Microsoft Defender for IoT
141 Topics

Monthly news - November 2023
Microsoft 365 Defender Monthly news, November 2023 edition. This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from October 2023.

Monthly news - May 2024
Microsoft Defender XDR Monthly news, May 2024 edition. This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2024.

Enterprise IoT security is now included in Microsoft 365 E5 and E5 Security plans
With IoT devices expected to outnumber IT devices 3:1 by 2025, organizations need a security solution that evolves with their existing endpoint security investments and empowers the SOC to secure IT and eIoT devices centrally.

(Updated 21-DEC) Security Advisory - Apache Log4j CVE-2021-44228, CVE-2021-45046, CVE-2021-45105
Microsoft is investigating the remote code execution vulnerability related to Apache Log4j (a logging tool used by many Java-based applications) disclosed on 9 Dec 2021. MITRE has designated this vulnerability as CVE-2021-44228 with a severity rating of 10.0. This was followed by vulnerabilities disclosed on 14 Dec 2021 (CVE-2021-45046), potentially affecting non-standard configurations, and on 16 Dec 2021 (CVE-2021-45105). For the latest status of Microsoft's investigation, please see Microsoft's Response to CVE-2021-44228 Apache Log4j 2. This advisory will continue to be updated as new information becomes available.

(Last Updated 21-DEC-2021) The advisory was updated to reflect that version 10.5.5 has been released with the latest Apache Log4j 2.17.0 and has been validated to mitigate CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105.

We strongly recommend that our customers implement the following mitigation steps, which are based on an internal analysis of possible attack vectors.

Mitigation Guidance for Microsoft Defender for IoT

For Defender for IoT security appliances (OT network sensors and the on-premises management console):

Deploy the latest software release
As of version 10.5.4, all components that were affected by CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 have been upgraded and secured. Customers are strongly encouraged to apply this update as soon as possible.

Manual Workaround
The workarounds described below mitigate CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 by setting the log4j2.formatMsgNoLookups=true JVM property on the affected Java components, and can be used until you upgrade to version 10.5.4 or above.

> OT Network Sensor
Using SSH, log in as an administrator with full privileges. Execute the following:

    echo "find /var/cyberx/components/ -name \"start.sh\" -exec grep -L Dlog4j2.formatMsgNoLookups=true {} \; | xargs -I '{}' sed -i '/java_args.append(\"-Dlog4j.configurationFile=.*)/a java_args.append(\"-Dlog4j2.formatMsgNoLookups=true\")' {} && sed -i 's/args = \[\x27java\x27, \x27-Dlog4j\.configurationFile=\/var\/cyberx\/properties\/log4j2-active-tool\.xml\x27, \x27-jar\x27,/args = \[\x27java\x27, \x27-Dlog4j\.configurationFile=\/var\/cyberx\/properties\/log4j2-active-tool\.xml\x27, \x27-Dlog4j2\.formatMsgNoLookups=true\x27, \x27-jar\x27,/' /usr/local/bin/cyberx-xsense-cip-query-controllers && monit restart all" | sudo at now + 1 minutes

> On-Premises Management Console
Using SSH, log in as an administrator with full privileges. Execute the following:

    echo "find /var/cyberx/components/ -name \"start.sh\" -exec grep -L Dlog4j2.formatMsgNoLookups=true {} \; | xargs -I '{}' sed -i '/java_args.append(\"-Dlog4j.configurationFile=.*)/a java_args.append(\"-Dlog4j2.formatMsgNoLookups=true\")' {} && monit restart all" | sudo at now + 1 minutes

If you need further assistance, please open a support ticket to contact our support team.

The Defender for IoT cloud service does not use Log4j and is not vulnerable to any active attack vector caused by CVE-2021-44228 and CVE-2021-45046.

Latest Threat Intelligence Update for Monitoring CVE-2021-44228, CVE-2021-45046, CVE-2021-45105
Microsoft has released a dedicated Threat Intelligence update package for detecting Log4j exploit attempts on the network (example below). The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). MD5 hash: 512081a7ce19e436c9ff7ed672024354

Update your system with the latest TI package
Microsoft Defender for IoT now pushes new threat intelligence packages to cloud-connected sensors upon release (see the product documentation for more information).

Starting with sensor version 10.3, users can automatically receive up-to-date threat intelligence packages through Microsoft Defender for IoT. Working with automatic updates reduces operational effort and ensures greater security. Enable automatic updating on the Defender for IoT portal by onboarding your cloud-connected sensor with the toggle for Automatic Threat Intelligence Updates turned on. Additionally, the package can be downloaded from the Microsoft Defender for IoT portal, under Updates.

To update a package on a single sensor:
1. Go to the Microsoft Defender for IoT Updates page.
2. Download and save the Threat Intelligence package.
3. Sign into the sensor console.
4. On the side menu, select System Settings.
5. Select Threat Intelligence Data, and then select Update.
6. Upload the new package.

To update a package on multiple sensors simultaneously:
1. Go to the Microsoft Defender for IoT Updates page.
2. Download and save the Threat Intelligence package.
3. Sign into the management console.
4. On the side menu, select System Settings.
5. In the Sensor Engine Configuration section, select the sensors that should receive the updated packages.
6. In the Select Threat Intelligence Data section, select the plus sign (+).
7. Upload the package.

For more information, please review Update threat intelligence data | Microsoft Docs.

For further information
Follow the MSRC blog for more information; it is updated with information and protection details as they become available. For a more in-depth analysis of the vulnerability, exploitation, detections, and mitigations, consult the RiskIQ (acquired by Microsoft in August 2021) analysis.

Microsoft's Response to CVE-2021-44228 Apache Log4j 2 – Microsoft Security Response Center
Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation - Microsoft Security Blog
Log4j – Apache Log4j Security Vulnerabilities
CVE - CVE-2021-44228 (mitre.org)

Enabling IoT/OT Threat Monitoring in Your SOC with Microsoft Sentinel
Recent ransomware attacks that shut down a US gas pipeline and a global food processor have raised board-level awareness about IoT and Operational Technology (OT) risk, including safety risks and lost revenue from production downtime. To help jump-start IoT/OT detection and response in your SOC, we've created a new Microsoft Sentinel solution that leverages telemetry from Microsoft Defender for IoT (our agentless IoT/OT security monitoring technology) and provides pre-built, IoT/OT-specific analytics rules, workbooks, SOAR playbooks, and mappings to the MITRE ATT&CK for ICS (industrial control systems) framework.