Microsoft Security Newsletter March 2016



March 2016
Microsoft Security Newsletter



Spring is here, and so is MarchÆs Security Newsletter!

I spoke at the
https://csacongress.org/event/summit-rsa-2016/
Cloud Security Alliance Summit held in San Francisco a few weeks ago and had the opportunity to participate in a panel discussion on cloud security, and to discuss lessons learned from a cloud services providerÆs point of view. The panel was moderated by Robert Herjavec, CEO of the Herjavec Group and star of ABC's Shark Tank. Robert was a gracious and fun moderator to work with; I survived the panel without a shark bite!



The next day, Brad Smith, Microsoft President and Chief Legal Officer, delivered a keynote at the RSA Conference on " https://www.rsaconference.com/ev ents/us16/agenda/sessions/2750/trust-in-the-cloud-in-tumultuous-times

Trust in the Cloud in Tumultuous Times ". There were several https://blogs.mic rosoft.com/cybertrust/2016/02/16/headed-to-rsa-heres-your-event-guide-for-trust -in-cloud-services/

Microsoft sessions throughout the week at the conference, including https://w ww.rsaconference.com/videos/quick-look-saas-attacks-happen-how-cloud-scale-chan ges-the-security-game

SaaS Attacks Happen: How Cloud Scale Changes the Security Game and Mark RussinovichÆs https://www.rsaconference.com/videos/machine-learning-and-the-cl oud-disrupting-threat-detection-and-prevention

Machine Learning and the Cloud: Disrupting Threat Detection and Prevention .



The theme of this monthÆs newsletter is enterprise mobility û a topic that I know so many CIOs and CISOs are interested in. Brad Anderson, Corporate Vice President, Enterprise and Client Mobility has been blogging a lot on this topic and I always learn something from him. I recommend checking out his https://blogs.technet.microsoft.com/in_the_cloud/
In the Cloud blog and the resources featured in this monthÆs newsletter for tips on security, mobile device management, and more.



Best regards,

Tim Rains

Director, Security, Microsoft



Want to share this newsletter with a friend or colleague? https://technet.microsoft.com/en-us/security/cc307424.aspx
Click here for the online edition and subscription options .


Have feedback on how we can improve this newsletter? Email us at mailto:secnlfb@microsoft.com
secnlfb@microsoft.com and share your ideas.




Top Stories



https://blogs.microsoft.com/blog/2016/02/25/enterprise-security-for-our-mobile- first-cloud-first-world-2/

Progress Report: Enterprise Security for Our Mobile-First, Cloud-First World

Learn about new Microsoft security capabilities, products and features designed to help our customers accelerate the adoption of a more holistic security posture that helps protect, detect and respond to modern security threats.


https://blogs.technet.microsoft.com/msrc/2016/03/18/microsoft-bounty-programs-a nnounce-expansion-bounty-for-microsoft-onedrive/

Microsoft Bounty Programs Announce Expansion û Bounty for Microsoft OneDrive

Microsoft OneDrive has now been added to the Microsoft Online Services Bug Bounty Program. The bounty program enables individuals across the globe to earn a bounty on submitted vulnerabilities for participating services and products provided by Microsoft. Learn more about this opportunity.


https://blogs.msdn.microsoft.com/secdevblog/
New Secure Development at Microsoft Blog

Check out this new developer-focused security blog for information about new security tools, services, open source projects, and best development practices. Blog posts will be written by Microsoft engineers to give you the right level of technical depth you need to integrate security assurance into your projects right away.


https://blogs.microsoft.com/cybertrust/2016/03/21/the-trusted-cloud-what-do-pri vacy-and-control-really-mean/

The Trusted Cloud: What Do Privacy and Control Really Mean?

The cloud is a powerful game-changer for businesses all over the world, but with that power comes great responsibility. Managing the volume, variety, and disparate sources of data generated through mobile devices and other activities is a global challenge for your enterprise. Explore MicrosoftÆs Trusted Cloud principles.




Security Guidance

https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/ems-trial.aspx Microsoft Enterprise Mobility Suite 30-Day Trial

Test drive Microsoft Enterprise Mobility Suite (EMS) free for 30 days. Your free trial will include Azure Active Directory Premium, Microsoft Intune, and Azure Rights Management.


https://technet.microsoft.com/library/mt674915.aspx?ocid=wc-nl-secnews
Windows 10 Mobile Security Guide

Get a detailed description of the most important security features in the Windows 10 Mobile operating systemùidentity access and control, data protection, malware resistance, and app platform security. Looking for more information? Learn about https://technet.microsoft.com/library/mt592645.aspx?ocid=wc-nl-secnews
settings and quick actions that can be locked down in Windows 10 Mobile then learn how to https://technet.microsoft.com/library/mt595906.aspx?ocid=wc-nl-secnews configure Windows 10 Mobile using Lockdown XML or https://technet.microsoft.com/library/mt219735.aspx?ocid=wc-nl-secnews
manage identity verification using Microsoft Passport . For details on how to deploy, configure, maintain, and support phones and small tablets running Windows 10 Mobile, see https://technet.microsoft.com/library/mt679132.aspx?ocid=wc-nl-secnews
Windows 10 Mobile and mobile device management .


https://technet.microsoft.com/library/mt143180.aspx
Mobile Device Management Design Considerations Guide

Learn how to understand your MDM design requirements and find steps and tasks that you can follow to design a MDM solution that best fits the business and technology needs for your organization.


https://technet.microsoft.com/en-us/library/mt313203.aspx
Protect Data and Devices with Microsoft Intune

Find a quick overview of common user scenarios that might present a danger to your network and data, then move on to detailed guidance on how you can protect against them using Microsoft Intune.


https://azure.microsoft.com/en-us/documentation/articles/remoteapp-whatis/
What Is Azure RemoteApp?

Azure RemoteApp helps you provide secure, remote access to applications from many different user devices. Explore real world scenarios, best practices, and tips on how to create either a cloud or hybrid collection of Azure RemoteApp.


https://www.microsoft.com/en-us/server-cloud/enterprise-mobility/webinars.aspx Microsoft EMS Resources

Find how-to sessions to help you leverage enterprise mobility technologies and read real use cases to help you plan and build enterprise mobility into your infrastructure.


https://technet.microsoft.com/en-us/library/dn707706.aspx
Microsoft Advanced Threat Analytics

Microsoft Advanced Threat Analytics (ATA) helps you identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline. Find out how it works and what threats it looks for, and get
https://technet.microsoft.com/en-us/library/mt163704.aspx
answers to common questions . Want to deploy ATA in your organization? Read the https://technet.microsoft.com/en-us/library/mt126113.aspx
deployment guide and https://technet.microsoft.com/en-us/library/mt126112.aspx
operations guide for step-by-step instructions.




This Month's Security Bulletins


March 2016 Security Bulletins


Critical

-MS16-023:3142015
https://technet.microsoft.com/library/security/ms16-023
Cumulative Security Update for Internet Explorer

-MS16-024:3142019
https://technet.microsoft.com/library/security/ms16-024
Cumulative Security Update for Microsoft Edge

-MS16-026:3143148
https://technet.microsoft.com/library/security/ms16-026
Security Update for Graphic Fonts to Address Remote Code Execution

-MS16-027:3143146
https://technet.microsoft.com/library/security/ms16-027
Security Update for Windows Media to Address Remote Code Execution

-MS16-028:3143081
https://technet.microsoft.com/library/security/ms16-028
Security Update for Microsoft Windows PDF Library to Address Remote Code Execution

-MS16-036:3144756
https://technet.microsoft.com/library/security/ms16-036
Security Update for Adobe Flash Player



Important

-MS16-025:3140709
https://technet.microsoft.com/library/security/ms16-025
Security Update for Windows Library Loading to Address Remote Code Execution

-MS16-029:3141806
https://technet.microsoft.com/library/security/ms16-029
Security Update for Microsoft Office to Address Remote Code Execution

-MS16-030:3143136
https://technet.microsoft.com/library/security/ms16-030
Security Update for Windows OLE to Address Remote Code Execution

-MS16-031:3140410
https://technet.microsoft.com/library/security/ms16-031
Security Update for Microsoft Windows to Address Elevation of Privilege

-MS16-032:3143141
https://technet.microsoft.com/library/security/ms16-032
Security Update for Secondary Logon to Address Elevation of Privilege

-MS16-033:3143142
https://technet.microsoft.com/library/security/ms16-033
Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege

-MS16-034:3143145
https://technet.microsoft.com/library/security/ms16-034
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege

-MS16-035:3141780
https://technet.microsoft.com/library/security/ms16-035
Security Update for .NET Framework to Address Security Feature Bypass


March 2016 Security Bulletin Resources:

-
https://technet.microsoft.com/library/security/ms16-mar

March 2016 Security Update Release Summary
-
Malicious Software Removal Tool: https://www.microsoft.com/en-us/download/mali cious-software-removal-tool-details.aspx

March 2016 Update



Security Events and Training



https://aka.ms/Sec16_SecurityNL
CanÆt Miss! Microsoft Virtual Security Summit
March 29, 2016 û 9:00AM Pacific Time


With the threat of cyberattacks against corporations, government agencies and nonprofits looming, itÆs imperative to understand how cybercriminals have evolved and learn best practices to keep your organization safe. Join us to hear from leading security experts who can equip you with the tools and knowledge necessary to protect your organization. Reserve your spot now!


https://mva.microsoft.com/en-US/training-courses/enterprise-mobility-suite-beyo nd-bring-your-own-device-15707?l=OI2bSKB3B_2001937555

Enterprise Mobility Suite: Beyond "Bring Your Own Device"

Get an in-depth look at supporting services and infrastructure to further implement, manage, and protect your technology assets through on-premises and user-owned technologies and devices.


https://info.microsoft.com/Anatomy-of-a-breach-Registration.html?ls=Blogs?wt.mc _id=US_CE_TC_OO_BLOG_NONE&LS=&LSD=

Anatomy of a Breach: How Hackers Break In

Do you know how a security breach actually happens? How hackers get a foothold, and what they do once theyÆre in? Watch this webinar for information to learn about common ways hackers get into your network, how hackers set up and manage long-term attacks, and the steps you can take to prevent an attack.

https://channel9.msdn.com/Events/TechNetVirtualConference/TechNetVC2016/Day-1-T im-Rains-on-Security-and-Patching-Vulnerabilities

TechNet Virtual Conference: Security and Patching Vulnerabilities

Get the latest insights and guidance on patching vulnerabilities with this on demand session from Tim Rains.





Essential Tools


-
https://technet.microsoft.com/security/bulletin
Microsoft Security Bulletins

-
https://technet.microsoft.com/security/advisory
Microsoft Security Advisories

-
https://www.microsoft.com/security/sdl/adopt/starterkit.aspx
Microsoft Security Development Lifecycle Starter Kit

-
https://support.microsoft.com/kb/2458544
Enhanced Mitigation Experience Toolkit

-
https://www.microsoft.com/security/pc-security/malware-removal.aspx
Malicious Software Removal Tool

-
https://technet.microsoft.com/security/cc184924.aspx
Microsoft Baseline Security Analyzer


Security Centers


-
https://technet.microsoft.com/security
Security TechCenter

-
https://msdn.microsoft.com/security
Security Developer Center

-
https://www.microsoft.com/security/msrc/default.aspx
Microsoft Security Response Center

-
https://www.microsoft.com/security/portal/
Microsoft Malware Protection Center

-
https://www.microsoft.com/privacy
Microsoft Privacy

-
https://support.microsoft.com/select/default.aspx?target=hub&c1=10750 Microsoft Security Product Solution Centers


Additional Resources


-
https://blogs.microsoft.com/cybertrust/
Microsoft Cybertrust Blog

-
https://blogs.msdn.com/b/azuresecurity/
Microsoft Azure Security Blog

-
https://www.microsoft.com/security/sir
Microsoft Security Intelligence Report

-
https://www.microsoft.com/security/sdl
Microsoft Security Development Lifecycle

-
https://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide

-
https://technet.microsoft.com/security/bb980617.aspx
Security Troubleshooting and Support Resources




technet.microsoft.com/security




This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.



(c) 2016 Microsoft Corporation

https://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Copyright/defa ult.aspx

Terms of Use |

https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/en-us.asp x
Trademarks


Microsoft respects your privacy. To learn more please read our online https://go.microsoft.com/fwlink/?LinkId=248681
Privacy Statement .



If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please https://click.email.microsoftemai l.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a0079e5cc587f4d16330b7c3 cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc8324b39e0ebb457e896dd969995 65dc84a0909fcdd803233cb871741a56f748a4&oneClick=newsletter

click here . These settings will not affect any other newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services.



To set your contact preferences for other Microsoft communications https://cli ck.email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a0 079e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc8324b 39e0ebb457e896dd96999565dc84a0909fcdd803233cb871741a56f748a4

click here .



Microsoft Corporation

One Microsoft Way

Redmond, WA 98052 USA
---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games