Pop-Up Thingie

Digital Distortion
  • Home
  • Forum
  • Files
  • Web Monitor
  • Log in

  1. Forum
  2. League10
  3. Microsoft Sec. Bulletin
  • Microsoft Security Newsletter - September 2015

    From Lord Time@TIME to All on Wed Sep 30 14:59:05 2015
    Microsoft Security Newsletter - September 2015



    September 2015
    Microsoft Security Newsletter



    Welcome to September's Security Newsletter!

    The theme of this month's newsletter is data security. The CISOs I meet are responsible for protecting their organization's data whether it's on-premises, on mobile devices or Internet of Things (IoT) devices, or in the cloud—or traveling anywhere between these points.



    It's interesting to see the different security strategies that different organizations are employing these days. The underlying assumption for some organizations' security strategy is that since they aren't managing all the devices that their information workers use, consistently, then all of those devices should be treated as if they are untrusted. These organizations tend to focus on protecting the data and not the devices used to access it - which is a reasonable strategy for some organizations. They leverage

    https://technet.microsoft.com/windows/hh826073.aspx?ocid=wc-nl-secnews
    desktop and application virtualization technologies,

    https://technet.microsoft.com/library/jj150527.aspx
    data loss prevention ,

    https://technet.microsoft.com/dn175751.aspx
    Rights Management Services , and

    https://azure.microsoft.com/services/active-directory/
    identity services , and other controls to help them manage the risk to the data.



    Other organizations have embraced new mobile device management offerings, like the

    http://www.microsoft.com/en-us/server-cloud/enterprise-mobility/overview.aspx Microsoft Enterprise Mobility Suite (which includes

    http://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/ Microsoft Intune ), that enable them to manage a wide range of devices in a consistent and predictable manner. Most of the customers I talk to in this category are also using the layered protections built into Windows 7 and 8.1 to protect data, and plan to leverage all the new and enhanced protections built into Windows 10 such as

    https://technet.microsoft.com/library/dn985838.aspx?ocid=wc-nl-secnews Enterprise Data Protection ,

    https://technet.microsoft.com/library/mt403325.aspx?ocid=wc-nl-secnews BitLocker ,

    https://technet.microsoft.com/library/mt483740.aspx?ocid=wc-nl-secnews Credential Guard , to name a few. For enterprise customers looking to evaluate these security features in Windows 10, please download the

    https://technet.microsoft.com/evalcenter/dn781239.aspx?ocid=wc-nl-secnews Windows 10 Enterprise Evaluation to try Windows 10 Enterprise free for 90 days.



    It's both a challenging time to be a CISO and a great time to be a CISO because of all the options organizations have to inform and support their security strategies. Please enjoy this month's newsletter.



    Best regards,

    Tim Rains, Chief Security Advisor

    Cybersecurity & Cloud Strategy, Microsoft



    Want to share this newsletter with a friend or colleague? https://technet.microsoft.com/en-us/security/cc307424.aspx
    Click here for the online edition and subscription options .


    Have feedback on how we can improve this newsletter? Email us at mailto:secnlfb@microsoft.com
    secnlfb@microsoft.com and share your ideas.




    Top Stories



    http://blogs.microsoft.com/cybertrust/2015/09/10/cloud-security-controls-series -encrypting-data-at-rest/

    Cloud Security Controls Series: Encrypting Data at Rest

    Learn about some of the controls that are available to help manage the security of data stored and processed in Microsoft's cloud services, and Microsoft Azure in particular.


    http://blogs.windows.com/windowsexperience/2015/09/28/privacy-and-windows-10/ Privacy and Windows 10

    In today's connected world, maintaining our privacy is an incredibly important topic. Learn how Windows 10 was designed with straightforward privacy principles in mind.


    http://blogs.technet.com/b/srd/archive/2015/09/08/what-makes-a-good-microsoft-d efense-bounty-submission.aspx

    What Makes a Good Microsoft Defense Bounty Submission?

    One of Microsoft's longstanding strategies toward improving software security continues to involve investing in defensive technologies that make it difficult and costly for attackers to exploit vulnerabilities. To cast a wider net for defensive ideas, Microsoft awarded the BlueHat Prize in 2012 and subsequently started the ongoing Microsoft Defense Bounty in June, 2013 which has offered up to $50,000 USD for novel defensive solutions. Last month, we announced that we will now award up to $100,000 USD for qualifying Microsoft Defense Bounty submissions. Learn how Microsoft evaluates defensive solutions and the characteristics that we look for in a good defense.




    Security Guidance

    https://technet.microsoft.com/security/mt587084.aspx
    Security Tip of the Month: Implement a Data-Driven Computer Security Defense
    By Roger A. Grimes, Microsoft IT Information Security and Risk Management


    In today's environment, information security executives face a challenge of protecting company assets by optimally aligning defenses with an ever increasing number of threats and risks. Often, organizations have considerable investments in protection without using a risk-based approach to prioritizing investments. This approach leads to ineffective security controls and an inefficient use of resources.Information security organizations collect a tremendous amount of data about IT environments.For some organizations, activities occurring on those IT infrastructures exceed more than ten billion events on a daily basis. In other words, considerable information is available about the environments we manage and it's that data that can help us make informed decisions.



    In support of these challenges, considerable improvement in rigor and process is necessary to inform and make better business decisions. Drawing upon hundreds of engagements with Microsoft clients, as well as internal security operations,
    https://technet.microsoft.com/security/mt587084.aspx
    this guide outlines a framework for dramatically improving operational security posture. The framework utilizes a data-driven approach to optimize investment allocation for security defenses and significantly improve the management of risk for an organization.


    https://channel9.msdn.com/Events/Ignite/2015/BRK3490
    Enabling Data Protection in Microsoft Azure

    Find out how to control your data in Microsoft Azure through advanced technologies to encrypt, control and audit access, separate, and dispose of data according to your business needs. This video provides an overview of these technologies with a focus on encryption of data.


    https://azure.microsoft.com/en-us/documentation/articles/storage-client-side-en cryption/

    Client-Side Encryption and Azure Key Vault for Microsoft Azure Storage

    The Azure Storage Client Library for .NET supports encrypting data within client applications before uploading to Azure Storage, and decrypting data while downloading to the client. The library also supports integration with Azure Key Vault for storage account key management. Explore these methods and learn about encryption and decryption via the envelope technique.


    https://msdn.microsoft.com/library/bb934049.aspx
    Transparent Data Encryption

    Transparent Data Encryption (TDE) encrypts SQL Server and Azure SQL Database data files, known as encrypting data at rest. Learn how to use TDE including commands and functions, catalog views and dynamic management views, permissions, and other considerations.


    https://msdn.microsoft.com/library/bb895340.aspx
    Extensible Key Management (EKM)

    While not available in every edition of SQL Server, Extensible Key Management (EKM) enables third-party EKM/HSM vendors to register their modules in SQL Server so that users can use the encryption keys stored on EKM modules. Find out how this enables SQL Server to access the advanced encryption features these modules support such as bulk encryption and decryption, and key management functions such as key aging and key rotation.


    https://msdn.microsoft.com/library/dn449489.aspx
    SQL Server Backup Encryption

    Starting in SQL Server 2014, SQL Server has the ability to encrypt the data while creating a backup. Explore usage scenarios, benefits, and recommended practices for encrypting during backup.


    https://channel9.msdn.com/Events/Ignite/2015/BRK3172
    Encryption Controls in Office 365: Across Devices and Platforms

    Whether it is at rest or in transit, Office 365 protects your data using a variety of encryption mechanisms. In addition to what's baked into the platform, you have several options for customer-controlled encryption features to meet the business needs of your organization. Learn about the different types of encryption technologies in Office 365 that you can use and how they work seamlessly across devices and platforms. This video talks about https://technet.microsoft.com/library/dn792011.aspx
    Information Rights Management (IRM) with RMS, S/MIME, and

    https://technet.microsoft.com/library/dn569286.aspx
    Office 365 Message Encryption and how these encryption technologies help keep your data safe and secure.


    https://technet.microsoft.com/library/mt404675.aspx?ocid=wc-nl-secnews BitLocker in Windows 10

    BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. Find out

    https://technet.microsoft.com/library/mt403325.aspx?ocid=wc-nl-secnews
    what's new in BitLocker in Windows 10, then find answers to

    https://technet.microsoft.com/library/mt404671.aspx?ocid=wc-nl-secnews frequently asked questions ,

    https://technet.microsoft.com/library/mt404680.aspx?ocid=wc-nl-secnews
    planning tips ,

    https://technet.microsoft.com/library/mt404669.aspx?ocid=wc-nl-secnews deployment guidance and much more.




    Community Update

    http://social.technet.microsoft.com/wiki/contents/articles/1256.database-engine -security-checklist-database-engine-security-configuration.aspx

    Database Engine Security Checklist: Database Engine Security Configuration

    Get a quick list of key security configuration options for the SQL Server Database Engine. Use this checklist to periodically audit your Database Engine environment. These recommended settings should be adjusted based on your security and business needs.




    This Month's Security Bulletins


    September 2015 Security Bulletins


    Critical

    -MS15-094:3089548
    https://technet.microsoft.com/library/security/ms15-094
    Cumulative Security Update for Internet Explorer

    -MS15-095:3089665
    https://technet.microsoft.com/library/security/ms15-095
    Cumulative Security Update for Microsoft Edge

    -MS15-097:3089656
    https://technet.microsoft.com/library/security/ms15-097
    Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution

    -MS15-098:3089669
    https://technet.microsoft.com/library/security/ms15-098
    Vulnerabilities in Windows Journal Could Allow Remote Code Execution

    -MS15-099:3089664
    https://technet.microsoft.com/library/security/ms15-099
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution



    Important

    -MS15-096:3072595
    https://technet.microsoft.com/library/security/ms15-096
    Vulnerability in Active Directory Service Could Allow Denial of Service

    -MS15-100:3087918
    https://technet.microsoft.com/library/security/ms15-100
    Vulnerability in Windows Media Center Could Allow Remote Code Execution

    -MS15-101:3089662
    https://technet.microsoft.com/library/security/ms15-101
    Vulnerabilities in .NET Framework Could Allow Elevation of Privilege

    -MS15-102:3089657
    https://technet.microsoft.com/library/security/ms15-102
    Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege

    -MS15-103:3089250
    https://technet.microsoft.com/library/security/ms15-103
    Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure

    -MS15-104:3089952
    https://technet.microsoft.com/library/security/ms15-104
    Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege

    -MS15-105:3091287
    https://technet.microsoft.com/library/security/ms15-105
    Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass


    September 2015 Security Bulletin Resources:

    - http://blogs.technet.com/b/msrc/archive/2015/09/08/september-2015-security-up date-release-summary.aspx


    September 2015 Security Update Release Summary
    -
    Malicious Software Removal Tool: http://www.microsoft.com/en-us/download/malic ious-software-removal-tool-details.aspx

    September 2015 Update and

    http://blogs.technet.com/b/mmpc/archive/2015/09/08/msrt-september-2015-teerac.a spx
    blog summary



    Security Events and Training



    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032671692
    Azure, The Trusted Cloud
    Thursday, October 1, 2015 - 10:00 AM Pacific Time

    Microsoft understands that for you to realize the benefits of the cloud, you must be willing to entrust your cloud provider with one of your most valuable assets—your data. Learn how Microsoft's long experience running online services has involved extensive investment in foundational technology that builds security and privacy into the development process.


    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032668896 Security, Compliance and IRM in Office 365
    Thursday, October 15, 2015 - 11:00 AM Central Time

    Explore the different regulations to which Office 365 and, more specifically, SharePoint Online and OD4B are compliant. You'll also find out what IRM means and how you can utilize it to secure your cloud data.


    http://go.microsoft.com/?linkid=9898460
    TechNet Virtual Lab: Exploring Row Level Security
    On demand

    This hands on lab will familiarize you with the new Row Level Security (RLS) in SQL Server 2016, which allows you to store data for different customers, departments, or tenants in the same table, while restricting access to rows based on a query's execution context.


    http://go.microsoft.com/?linkid=9875125
    TechNet Virtual Lab: On-Prem and Cloud App and Data Protection with Azure RMS On demand

    Learn how to protect files from unauthorized access by using Microsoft Azure Rights Management, the Microsoft Rights Management connector, the Rights Management sharing app, and Microsoft Office 2013. These technologies help protect data on devices that are domain-joined or standalone regardless of whether they are owned by the organization or a user.


    http://go.microsoft.com/?linkid=9851304
    TechNet Virtual Lab: Protecting Your Data with System Center 2012 R2 Data Protection Manager
    On demand

    In this introductory lab, you will learn how to use the Data Protection Manager console to protect and recover data. You will learn how to allocate local storage, configure protection for files and SQL Server databases, create recovery points, and recover data. You will also learn how to recover a database to a SQL Server cluster.






    Essential Tools


    -
    http://technet.microsoft.com/security/bulletin
    Microsoft Security Bulletins

    -
    http://technet.microsoft.com/security/advisory
    Microsoft Security Advisories

    -
    http://www.microsoft.com/security/sdl/adopt/starterkit.aspx
    Microsoft Security Development Lifecycle Starter Kit

    -
    http://support.microsoft.com/kb/2458544
    Enhanced Mitigation Experience Toolkit

    -
    http://www.microsoft.com/security/pc-security/malware-removal.aspx
    Malicious Software Removal Tool

    -
    http://technet.microsoft.com/security/cc184924.aspx
    Microsoft Baseline Security Analyzer


    Security Centers


    -
    http://technet.microsoft.com/security
    Security TechCenter

    -
    http://msdn.microsoft.com/security
    Security Developer Center

    -
    http://www.microsoft.com/security/msrc/default.aspx
    Microsoft Security Response Center

    -
    http://www.microsoft.com/security/portal/
    Microsoft Malware Protection Center

    -
    http://www.microsoft.com/privacy
    Microsoft Privacy

    -
    http://support.microsoft.com/select/default.aspx?target=hub&c1=10750 Microsoft Security Product Solution Centers


    Additional Resources


    -
    http://blogs.microsoft.com/cybertrust/
    Microsoft Cybertrust Blog

    -
    http://blogs.msdn.com/b/azuresecurity/
    Microsoft Azure Security Blog

    -
    http://www.microsoft.com/security/sir
    Microsoft Security Intelligence Report

    -
    http://www.microsoft.com/security/sdl
    Microsoft Security Development Lifecycle

    -
    http://technet.microsoft.com/library/cc162838.aspx
    Malware Response Guide

    -
    http://technet.microsoft.com/security/bb980617.aspx
    Security Troubleshooting and Support Resources




    technet.microsoft.com/security




    This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.



    (c) 2015 Microsoft Corporation

    http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Copyright/defau lt.aspx

    Terms of Use |

    http://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/en-us.aspx Trademarks


    Microsoft respects your privacy. To learn more please read our online http://go.microsoft.com/fwlink/?LinkId=248681
    Privacy Statement .



    If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please http://click.email.microsoftemail .com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a0079e5cc587f4d16330b7c3c c8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc84856723b79aad9dc141ac1b2d1f f65f52b32c1ec81a40e05f7b65012608875ea&oneClick=newsletter

    click here . These settings will not affect any other newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services.



    To set your contact preferences for other Microsoft communications http://clic k.email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a00 79e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc848567 23b79aad9dc141ac1b2d1ff65f52b32c1ec81a40e05f7b65012608875ea

    click here .



    Microsoft Corporation

    One Microsoft Way

    Redmond, WA 98052 USA
    ---
    ■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games
  • Web-based telnet client

    Other Links
    What is a BBS?
    Doors installed on this BBS
    Digital Distortion Doors & Tools
    Door stats
    Trivia scores
    Message networks
    Terminal software
    Synchronet archiver setup
    Ready.gov anti-terrorist guidelines as of 2003

    Other services
    Telnet
    RLogin
    IRC
    Email & news access

    Feel free to send me an email.

    BBS UPS stats
  • Who's Online

  • Recent Visitors

    • Merlin
      Mon Apr 14 06:31:48 2025
      from Milton, WV via HTTP
    • Merlin
      Sun Apr 6 09:19:55 2025
      from Milton, WV via HTTP
    • xbit
      Sat Feb 22 04:36:09 2025
      from Portland, Or via HTTP
    • Wilmaxs
      Wed Aug 16 04:20:48 2023
      via HTTP
  • System Info

    Sysop: Eric Oulashin
    Location: Beaverton, Oregon, USA
    Users: 104
    Nodes: 16 (0 / 16)
    Uptime: 06:35:33
    Calls: 6,070
    Calls today: 11
    Files: 8,500
    D/L today: 62 files
    (56,141K bytes)
    Messages: 347,570
    Posted today: 2

© Digital Distortion, 2025