Microsoft Security Newsletter - March 2015



Trustworthy Computing | March 2015
Microsoft Security Newsletter



Welcome to March 2015's Security Newsletter!

This month, we are highlighting the security controls available in Office 365, with a focus on http://blogs.office.com/2015/03/30/announcing-general-availabil ity-of-built-in-mobile-device-management-for-office-365/

the built-in mobile device management (MDM) capabilities now available for Office 365 . With MDM for Office 365, you can manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices. More importantly, the built-in MDM features are included at no additional cost in all Office 365 commercial plans, including Business, Enterprise, EDU, and Government plans.



If you are looking for protection beyond what's included in Office 365, you can subscribe to http://www.microsoft.com/en-us/server-cloud/products/microsoft-int une/default.aspx Microsoft Intune , part of the http://www.microsoft.com/en-us/server-cloud/enterprise-mobility/Overview.aspx Microsoft Enterprise Mobility Suite , and receive additional device and application management capabilities for phones, tablets and PCs. To learn more, check out the new https://azureinfo.microsoft.com/EMS-Series-US.html?ls=Social&lsd=so1 Enterprise Mobility Suite webinar series . Each month, there will be one webinar based on the solutions and the big picture for enterprise mobility, and a second, deeper dive webinar on specific product features and how-to guidance.



Also, if you haven't done so already, register for Microsoft Ignite this May to get up to speed on security best practices for Office 365 and enterprise mobility as well as the latest in client, server, browser, network, cloud, and app security technologies and practices. Not able to attend in person this year? Stay tuned for details on how to watch on-demand sessions after the event.



Best regards,

Tim Rains, Chief Security Advisor

Cybersecurity & Cloud Strategy, Microsoft



Want to share this newsletter with a friend or colleague? https://technet.microsoft.com/en-us/security/cc307424.aspx Click here for the online edition and subscription options .


Have feedback on how we can improve this newsletter? Email us at mailto:secnlfb@microsoft.com secnlfb@microsoft.com and share your ideas.




Top Stories



http://blogs.technet.com/b/srd/archive/2015/03/16/emet-5-2-is-available.aspx EMET 5.2 Now Available

Enhanced Mitigation Experience Toolkit (EMET) 5.2 includes increased security protections to improve your security posture, such as Control Flow Guard, improvements to the configuration for Attack Surface Reduction (ASR) mitigation, and full support for reporting from Modern Internet Explorer, or Desktop IE with Enhanced Protected Mode enabled.

http://blogs.msdn.com/b/azuresecurity/archive/2015/03/03/microsoft-azure-netwo rk-security-whitepaper-version-3-is-now-available.aspx

Updated White Paper on Microsoft Azure Network Security

Download the latest version of this white paper, which now includes guidance on how to use Azure's native network security features to help protect your information assets.




Security Guidance

https://technet.microsoft.com/en-us/library/dn532171.aspx
Office 365 Security and Compliance

Quickly access more information on the features in Office 365 that are available to help you with fulfill your organization's security and compliance needs from https://technet.microsoft.com/library/dn790611.aspx anti-spam and anti-malware protection to https://technet.microsoft.com/library/dn569286.aspx encryption and https://technet.microsoft.com/library/dn792011.aspx Information Rights Management .



https://technet.microsoft.com/library/faa7d8e5-645d-4d59-839c-c8d4c1869e4a(v=t echnet.10).aspx

Overview of Mobile Device Management for Office 365

You can manage and secure mobile devices when they're connected to your Office 365 organization by using Mobile Device Management for Office 365. Get a quick overview of setup steps for admins plus a summary of device management tasks and where you'll go to perform them.



https://technet.microsoft.com/en-US/library/ms.o365.cc.devicepolicysupportedde vice.aspx

Capabilities of Mobile Device Management for Office 365

Mobile Device Management for Office 365 can help you secure and manage mobile devices like iPhones, iPads, Androids, and Windows Phones used by licensed Office 365 users in your organization. Find out which devices are supported and explore policy settings, security settings, and more.




https://technet.microsoft.com/library/dn957912.aspx
Choosing Between Microsoft Intune and Built-in MDM for Office 365

As an IT purchasing manager or an IT administrator, you might have questions about which cloud-based Microsoft mobile device management solution is the best fit for your needs. This article compares the capabilities of Built-in Mobile Device Management for Office 365 to the capabilities of Microsoft Intune to help you to make this decision.





Community Update
http://products.office.com/en-us/business/office-365-trust-center-top-10-trust -tenets-cloud-security-and-privacy#securityAndPrivacy

Office 365 Trust Center: Top 10 Lists

Need to determine the security and trustworthiness of cloud productivity services and choose a cloud service provider that meets your security expectations? Based on community feedback and real-world customer experiences, these top-ten lists, which include "Top questions you should ask a cloud service provider when you are considering the cloud for your IT services, and how Microsoft Office 365 answers these questions," can help you focus on the key privacy and security considerations that should inform your decision.






This Month's Security Bulletins


March 2015 Security Bulletins


Critical

-MS15-018:3032359
https://technet.microsoft.com/library/security/ms15-018

Cumulative Security Update for Internet Explorer

-MS15-019:3040297
https://technet.microsoft.com/library/security/ms15-019

Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution

-MS15-020:3041836
https://technet.microsoft.com/library/security/ms15-020

Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution

-MS15-021:3032323
https://technet.microsoft.com/library/security/ms15-021

Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution

-MS15-022:3038999
https://technet.microsoft.com/library/security/ms15-022

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution



Important

-MS15-023:3034344
https://technet.microsoft.com/library/security/ms15-023

Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege

-MS15-024:3035132
https://technet.microsoft.com/library/security/ms15-024

Vulnerability in PNG Processing Could Allow Information Disclosure

-MS15-025:3038680
https://technet.microsoft.com/library/security/ms15-025

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

-MS15-026:3040856
https://technet.microsoft.com/library/security/ms15-026

Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege

-MS15-027:3002657
https://technet.microsoft.com/library/security/ms15-027

Vulnerability in NETLOGON Could Allow Spoofing

-MS15-028:3030377
https://technet.microsoft.com/library/security/ms15-028

Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass

-MS15-029:3035126
https://technet.microsoft.com/library/security/ms15-029

Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure

-MS15-030:3039976
https://technet.microsoft.com/library/security/ms15-030

Vulnerability in Remote Desktop Protocol Could Allow Denial of Service

-MS15-031:3046049
https://technet.microsoft.com/library/security/ms15-031

Vulnerability in Schannel Could Allow Security Feature Bypass


March 2015 Security Bulletin Resources:

-
http://blogs.technet.com/b/msrc/archive/2015/03/10/march-2015-updates.aspx

March 2015 Bulletin Release Blog Post
- http://www.microsoft.com/en-us/download/malicious-software-removal-tool-detai ls.aspx

Malicious Software Removal Tool: March 2015 Update



Security Events and Training


http://blogs.office.com/2014/09/03/garage-series-office-365-assessing-top-5-cl oud-security-threats-mark-russinovich/

The Garage Series for Office 365: Assessing the Top 5 Cloud Security Threats with Mark Russinovich

Learn about the most frequently discussed cloud security threats then listen as Microsoft Technical Fellow Mark Russinovich describes each threat and how Microsoft architects its cloud services to maximize data security and protect against data loss. You'll also get pro tips to help you protect against credential loss and contain the risk of user-driven shadow IT.


http://ignite.microsoft.com/
Microsoft Ignite
May 4-8, 2015 û Chicago, IL

Ready to explore the latest security and access management technologies? Want to dive deep and learn how to improve the security of your IT infrastructure as well as the devices you manage and the apps you create? http://ignite.microsoft.com/Register#fbid=wmVeVBjEauv Register for Microsoft Ignite 2015 for access to more than 70 http://ignite.microsoft.com/Sessions sessions on everything from SharePoint data security and next-generation malware detection to secure development best practices for web and cross-platform mobile apps.



Here is just a sample of the sessions you could attend:


- http://ignite.microsoft.com/session/sessionmoreinfo/?topicid=24b9cff8-b79f-e4 11-b87f-00155d5066d7#fbid=wmVeVBjEauv

Windows 10: Security Internal
- http://ignite.microsoft.com/session/sessionmoreinfo/?topicid=4f10608f-b09f-e4 11-b87f-00155d5066d7#fbid=wmVeVBjEauv

Browser Security
- http://ignite.microsoft.com/session/sessionmoreinfo/?topicid=eba03d6a-b89f-e4 11-b87f-00155d5066d7#fbid=wmVeVBjEauv

How You Can Hack-Proof Your Clients and Servers in a Day
- http://ignite.microsoft.com/session/sessionmoreinfo/?topicid=549f9127-dab2-e4 11-b87f-00155d5066d7#fbid=wmVeVBjEauv

Configuring Corporate-Owned Mobile Devices with Microsoft Intune
- http://ignite.microsoft.com/session/sessionmoreinfo/?topicid=df1d9b24-1d95-e4 11-b87f-00155d5066d7#fbid=wmVeVBjEauv

Experts Unplugged: Office 365 Security
- http://ignite.microsoft.com/session/sessionmoreinfo/?topicid=e68edc3c-58a2-e4 11-b87f-00155d5066d7#fbid=wmVeVBjEauv

Microsoft Identity Platform for Developers û Overview and Roadmap





Essential Tools


-
http://technet.microsoft.com/security/bulletin
Microsoft Security Bulletins

-
http://technet.microsoft.com/security/advisory
Microsoft Security Advisories

-
http://www.microsoft.com/security/sdl/adopt/starterkit.aspx
Microsoft Security Development Lifecycle Starter Kit

-
http://support.microsoft.com/kb/2458544
Enhanced Mitigation Experience Toolkit

-
http://www.microsoft.com/security/pc-security/malware-removal.aspx
Malicious Software Removal Tool

-
http://technet.microsoft.com/security/cc184924.aspx
Microsoft Baseline Security Analyzer


Security Centers


-
http://technet.microsoft.com/security
Security TechCenter

-
http://msdn.microsoft.com/security
Security Developer Center

-
http://www.microsoft.com/security/msrc/default.aspx
Microsoft Security Response Center

-
http://www.microsoft.com/security/portal/
Microsoft Malware Protection Center

-
http://www.microsoft.com/privacy
Microsoft Privacy

-
http://support.microsoft.com/select/default.aspx?target=hub&c1=10750 Microsoft Security Product Solution Centers


Additional Resources


-
http://blogs.microsoft.com/cybertrust/
Microsoft Cybertrust Blog

-
http://www.microsoft.com/security/sir
Microsoft Security Intelligence Report

-
http://www.microsoft.com/security/sdl
Microsoft Security Development Lifecycle

-
http://technet.microsoft.com/library/cc162838.aspx
Malware Response Guide

-
http://technet.microsoft.com/security/bb980617.aspx
Security Troubleshooting and Support Resources




microsoft.com/about/twcTrustworthy Computing




This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.



(c) 2014 Microsoft Corporation
http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Copyright/defa ult.aspx

Terms of Use |
http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Trademarks/EN- US.aspx

Trademarks


Microsoft respects your privacy. To learn more please read our online http://go.microsoft.com/fwlink/?LinkId=248681 Privacy Statement .



If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please http://click.email.microsoftemail. com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a0079e5cc587f4d16330b7c3cc 8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc81933a69be6aa8408e01ec57acf04 d91a5e63866e1ef94beb69fc2157ee80bc43&oneClick=newsletter

click here . These settings will not affect any other newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services.



To set your contact preferences for other Microsoft communications http://click .email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a007 9e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc81933a6 9be6aa8408e01ec57acf04d91a5e63866e1ef94beb69fc2157ee80bc43

click here .



Microsoft Corporation

One Microsoft Way

Redmond, WA 98052 USA
---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games