Microsoft Security Newsletter




Microsoft Security Newsletter



Welcome to the latest Newsletter!

This month's newsletter focuses on the importance of keeping systems up to date.



In terms of security vulnerability management, the industry has come a long way since 2003. In 2003, I worked on Microsoft's customer-facing incident response team which, among other things, supported Microsoft security updates. Back in those days, security updates from Microsoft were released weekly. Feedback from many of our enterprise customers ushered in a bunch of improvements for how we released security updates, including offering services like Windows Update, Microsoft Update, Windows Server Update Services (WSUS), and Microsoft System Center Configuration Manager, and implementing a predictable monthly security update release cycle (affectionately nick-named ";Patch Tuesday";) in October 2003.



Since then, many of our customers have developed mature processes for managing vulnerabilities and the security updates that they receive from many of their vendors. I've told many customers over the years, if you aren't getting security updates from all your vendors for all your software, you are likely not getting your money's worth. The challenge that customers with mature security update processes have today is that, although their processes are now part of a smooth rhythm of business, they might not be keeping pace with attackers unless they have decreased the time to update their environments over the past year.



In the first half of 2014, we saw purveyors of commercial exploit kits adding new exploits to their exploit kits about 30 days after the release of a security update. By the fourth quarter, they were adding new exploits to exploit kits within 10 days of the release of security updates and, in the first quarter of 2015, they were adding zero-day exploits to their kits; i.e. the time-to-exploit kit has been reduced from 30 days to zero days. Subsequently, given that these attackers dramatically accelerated their efforts in the past year, CISOs and infrastructure executives should assess whether they need to accelerate the speed of security update deployments in their environments.



Some positive news is that, although industry vulnerability counts were higher than ever over the past year (data seen in Figure 1 below is from the http://microsoft.com/sir
Microsoft Security Intelligence Report volume 19 ), the exploitability of critically rated vulnerabilities for Microsoft products is down more than 70% since 2011 as seen in Figure 2 below.



Figure 1: Industrywide vulnerability disclosures, from the second half of 2012 (2H12) to the first half of 2015 (1H15)



Figure 2: Microsoft Remote Code execution CVEs by year



Some more positive news is that Microsoft is trying to make security updating easier and faster for our enterprise customers. The new servicing options for Windows 10 give enterprise customers more flexibility than ever. You'll find more details in this month's newsletter!



Best regards,

Tim Rains, Chief Security Advisor

Enterprise Cybersecurity Group, Microsoft



Want to share this newsletter with a friend or colleague? https://technet.microsoft.com/en-us/security/cc307424.aspx
Click here for the online edition and subscription options .


Have feedback on how we can improve this newsletter? Email us at mailto:secnlfb@microsoft.com
secnlfb@microsoft.com and share your ideas.




Top Stories



http://blogs.microsoft.com/cybertrust/2015/11/18/microsoft-security-intelligenc e-report-volume-19-is-now-available/

Microsoft Security Intelligence Report Volume 19 is now available

Download hundreds of pages of new threat intelligence to help you better assess your current security posture. The latest version of the Security Intelligence Report includes threat data from the first half of 2015 as well as longer term trend data on the industry vulnerabilities, exploits, malware, and malicious websites that your organization.


http://blogs.microsoft.com/cybertrust/2015/11/23/a-single-unified-trust-center- for-the-microsoft-cloud/

A Single, Unified Trust Center for the Microsoft Cloud

Check out the new Microsoft Trust Center at http://www.microsoft.com/trustcenter
www.microsoft.com/trustcenter , which now unifies the trust centers of Microsoft's enterprise cloud services—Microsoft Azure, Microsoft Dynamics CRM Online, Microsoft Intune, and Microsoft Office 365. Find documentation on the adherence of Microsoft cloud services to international and regional standards, privacy and data protection policies and processes, and data transfer and location policies, as well as security features and functionality.


http://blogs.technet.com/b/mmpc/archive/2015/11/26/shields-up-on-potentially-un wanted-applications-in-your-enterprise.aspx

Shields Up on Potentially Unwanted Applications in Your Enterprise

Learn how a new opt-in feature for enterprise users in Windows can spot and stop a potentially unwanted application (PUA) in its tracks by blocking the application at the point of download and installation.


http://blogs.technet.com/b/mmpc/archive/2015/11/25/does-prevalence-matter-a-dif ferent-approach-to-traditional-antimalware-test-scoring.aspx

Does Prevalence Matter? A Different Approach to Traditional Antimalware Test Scoring
Most well-known antimalware tests today focus on broad-spectrum malware.In other words, tests include malware that is somewhat indiscriminate (isn't necessarily targeted), at least somewhat prevalent and sometimes very prevalent. Yet, when it comes to real customer impact, not all malware has the same distribution or prevalence.Find out how Microsoft is collaborating to create a more applicable scoring model.




Security Guidance

https://technet.microsoft.com/ie/mt163707.aspx
Security Tip of the Month: Upgrade to a Modern Browser

Microsoft is

http://blogs.windows.com/business/2015/11/23/upgrading-to-a-faster-more-secure- browsing-experience/

encouraging customers to upgrade to the latest, most secure version of Internet Explorer in order to continue receiving security updates and technical support. Starting January 12, 2016, support ends for older versions of Internet Explorer, so Windows 7 customers should upgrade to Internet Explorer 11 to remain supported. For a complete list of supported versions, please see the

https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer Internet Explorer Support Lifecycle Policy FAQ .



Microsoft Edge for Windows 10 is our

http://blogs.windows.com/msedgedev/tag/security/
most secure browser yet , but customers using older versions of Windows should upgrade to the latest version of Internet Explorer. It's easier to upgrade than ever before thanks to features like Enterprise Mode, which provides better backward compatibility for sites designed for older versions. Resources like the new

https://technet.microsoft.com/ie/mt612809.aspx
Web Application Compatibility Lab Kit , a self-service lab that shows how to assess and fix web app compat issues, can also help make upgrading faster and easier than before. Finally, we have announced some

http://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improv ements/

significant product improvements that can reduce the costs of upgrading and managing a more secure Microsoft browser solution. With these moves, Microsoft is helping to build a more secure browser ecosystem.


https://technet.microsoft.com/library/mt574263.aspx?ocid=wc-nl-secnews
Windows 10 Servicing Options

Explore the new servicing options—current branch (CB), current branch for business (CBB), and long-term servicing branch (LTSB)—available in Windows 10.


https://technet.microsoft.com/library/mt622730.aspx?ocid=wc-nl-secnews
Windows Update for Business

Windows Update for Business enables you to keep the Windows 10-based devices in your organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft's Windows Update service. Learn how to implement and deploy a Windows Update for Business solution and how to maintain enrolled systems.


https://technet.microsoft.com/library/mt574263.aspx?ocid=wc-nl-secnews
Windows 10 Servicing Options

Explore the new servicing options—current branch (CB), current branch for business (CBB), and long-term servicing branch (LTSB)—available in Windows 10.


https://technet.microsoft.com/en-us/library/dn761709.aspx
The Update Process for Office 365 ProPlus

Unlike earlier versions of Office, individual security updates and other updates for Office 365 ProPlus aren't available on Windows Update. Instead, every time updates are released—usually the second Tuesday of each month—Microsoft creates an updated version of Office 365 ProPlus and puts it on the Internet. This updated version contains all the updates for that month, in addition to all updates from previous months. Learn more about the update process, including

https://technet.microsoft.com/EN-US/library/dn761707.aspx
how to apply updates ,

https://technet.microsoft.com/EN-US/library/dn761708.aspx
how to configure update settings , and

https://technet.microsoft.com/EN-US/library/dn761706.aspx
end user update notifications .


https://technet.microsoft.com/library/jj553405.aspx
Update System Center 2012 Configuration Manager

To update Configuration Manager, you can install a cumulative update or a service pack. Find out how to install updates and create collections for deploying updates.




This Month's Security Bulletins


December 2015 Security Bulletins


Critical

-MS15-112:3104517
https://technet.microsoft.com/library/security/ms15-112
Cumulative Security Update for Internet Explorer

-MS15-113:3104519
https://technet.microsoft.com/library/security/ms15-113
Cumulative Security Update for Microsoft Edge

-MS15-114:3100213
https://technet.microsoft.com/library/security/ms15-114
Security Update for Windows Journal to Address Remote Code Execution

-MS15-115:3105864
https://technet.microsoft.com/library/security/ms15-115
Security Update for Microsoft Windows to Address Remote Code Execution



Important

-MS15-116:3104540
https://technet.microsoft.com/library/security/ms15-116
Security Update for Microsoft Office to Address Remote Code Execution

-MS15-117:3101722
https://technet.microsoft.com/library/security/ms15-117
Security Update for NDIS to Address Elevation of Privilege

-MS15-118:3104507
https://technet.microsoft.com/library/security/ms15-118
Security Update for .NET Framework to Address Elevation of Privilege

-MS15-119:3104521
https://technet.microsoft.com/library/security/ms15-119
Security Update for Winsock to Address Elevation of Privilege

-MS15-120:3102939
https://technet.microsoft.com/library/security/ms15-120
Security Update for IPSec to Address Denial of Service

-MS15-121:3081320
https://technet.microsoft.com/library/security/ms15-121
Security Update for Schannel to Address Spoofing

-MS15-122:3105256
https://technet.microsoft.com/library/security/ms15-122
Security Update for Kerberos to Address Security Feature Bypass

-MS15-123:3105872
https://technet.microsoft.com/library/security/ms15-123
Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure


December 2015 Security Bulletin Resources:

- http://blogs.technet.com/b/msrc/archive/2015/11/10/november-2015-security-upd ate-release-summary.aspx


November 2015 Security Update Release Summary
-
Malicious Software Removal Tool: http://www.microsoft.com/en-us/download/malic ious-software-removal-tool-details.aspx

November 2015 Update and

http://blogs.technet.com/b/mmpc/archive/2015/11/10/msrt-november-2015-detection -updates.aspx

blog summary



Security Events and Training



https://mva.microsoft.com/en-us/training-courses/preparing-your-enterprise-for- windows-10-as-a-service-11813

Microsoft Virtual Academy: Preparing Your Enterprise for Windows 10 as a Service

Find out how Windows will evolve through servicing, and learn how you can make the most of servicing to get new features to your users faster.






Essential Tools


-
http://technet.microsoft.com/security/bulletin
Microsoft Security Bulletins

-
http://technet.microsoft.com/security/advisory
Microsoft Security Advisories

-
http://www.microsoft.com/security/sdl/adopt/starterkit.aspx
Microsoft Security Development Lifecycle Starter Kit

-
http://support.microsoft.com/kb/2458544
Enhanced Mitigation Experience Toolkit

-
http://www.microsoft.com/security/pc-security/malware-removal.aspx
Malicious Software Removal Tool

-
http://technet.microsoft.com/security/cc184924.aspx
Microsoft Baseline Security Analyzer


Security Centers


-
http://technet.microsoft.com/security
Security TechCenter

-
http://msdn.microsoft.com/security
Security Developer Center

-
http://www.microsoft.com/security/msrc/default.aspx
Microsoft Security Response Center

-
http://www.microsoft.com/security/portal/
Microsoft Malware Protection Center

-
http://www.microsoft.com/privacy
Microsoft Privacy

-
http://support.microsoft.com/select/default.aspx?target=hub&c1=10750 Microsoft Security Product Solution Centers


Additional Resources


-
http://blogs.microsoft.com/cybertrust/
Microsoft Cybertrust Blog

-
http://blogs.msdn.com/b/azuresecurity/
Microsoft Azure Security Blog

-
http://www.microsoft.com/security/sir
Microsoft Security Intelligence Report

-
http://www.microsoft.com/security/sdl
Microsoft Security Development Lifecycle

-
http://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide

-
http://technet.microsoft.com/security/bb980617.aspx
Security Troubleshooting and Support Resources




technet.microsoft.com/security




This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.



(c) 2015 Microsoft Corporation

http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Copyright/defau lt.aspx

Terms of Use |

http://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/en-us.aspx Trademarks


Microsoft respects your privacy. To learn more please read our online http://go.microsoft.com/fwlink/?LinkId=248681
Privacy Statement .



If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please https://click.email.microsoftemai l.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a0079e5cc587f4d16330b7c3 cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc8362e5b79ae439813d7b4efc756 e16f0979c8497a8a8b1c2fcf4d95490c1e8323&oneClick=newsletter

click here . These settings will not affect any other newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services.



To set your contact preferences for other Microsoft communications https://cli ck.email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a0 079e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc8362e 5b79ae439813d7b4efc756e16f0979c8497a8a8b1c2fcf4d95490c1e8323

click here .



Microsoft Corporation

One Microsoft Way

Redmond, WA 98052 USA
---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games