How to set up Microsoft Teams for security and compliance
These are the security and compliance decisions you need to make when deploying Microsoft Teams.
Computer Security Articles
RSS Reader for Computer Security Articles
windows
Heads up: A free, working exploit for BlueKeep just hit
Credit to Author: Woody Leonhard| Date: Fri, 06 Sep 2019 11:33:00 -0700
There’s been a lot of discussion about BlueKeep, its ramifications and various strategies for blocking it. In a nutshell, it’s a security hole in the Windows Remote Desktop Protocol that allows a malicious program to enter your machine – if you have Remote Dekstop turned on, it’s accessible directly from the internet, and you haven’t installed the May patches.
Two weeks ago, Susan Bradley posted a CSO article that details ways admins can avoid using RDP. I’ve seen reams of advice about blocking ports, disabling services, setting authentication levels, deploying voodoo dolls, reading chicken entrails…, but the simplest way for almost everybody to avoid the problem is to install the May (or later) Windows patches.
Time to install the August Windows patches — but watch out for the bugs
Credit to Author: Woody Leonhard| Date: Fri, 06 Sep 2019 08:16:00 -0700
August brought loads of drama to the Windows and Office patching scene. Microsoft’s first round of patches killed Visual Basic, Visual Basic for Applications and VBScript in certain situations — on all versions of Windows. Fixes for the bugs dribbled out three, four, six and 17 days after the original infection.
Those Microsoft-introduced bugs were all the more daunting because the August patches are the ones intended to protect us from DejaBlue — the recently announced “wormable” malware infection vector that (thankfully!) has yet to be exploited. The mainstream press picked up the Chicken Little cry to install August patches right away. Then the buggy offal hit the impeller, and the press fell silent.
How to disable basic or legacy authentication to set up MFA in Office 365
Microsoft recommends setting up multi-factor authentication in Windows 10 for better security, but you have to disable basic or legacy authentication first.
Microsoft Patch Alert: Full of sound and fury, signifying nothing
Credit to Author: Woody Leonhard| Date: Fri, 30 Aug 2019 10:27:00 -0700
What happens when Microsoft releases eight – count ‘em, eight – concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?
Pan. De. Moaaan. Ium.
The VB/VBA/VBScript debacle
No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive “invalid procedure call error” messages when using apps that had been working for decades.
August, 2019 Patch Tuesday Targets Remote Desktop and Active Directory
Credit to Author: SophosLabs Offensive Security| Date: Fri, 30 Aug 2019 16:28:14 +0000
Among the 94 vulnerabilities fixed this month by Microsoft, 29 are rated as Critical. Most importantly, the Remote Desktop Protocol (RDP) and its associated service (RDS) collect a total of 6 CVEs, which seems to show a renewed interest in the RDP protocol by vulnerability researchers; two of those classified as wormable (CVE-2019-1181 and CVE-2019-1182) […]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/1hDq4cmGQ80″ height=”1″ width=”1″ alt=””/>
Read MoreMicrosoft removes August patch block on Win7/2008R2 systems running Norton, Symantec AV
Credit to Author: Woody Leonhard| Date: Wed, 28 Aug 2019 06:07:00 -0700
If you’re using Symantec Endpoint Protection or any Norton Antivirus product on a Windows 7 or Server 2008 R2 machine, you didn’t get the August patches. Shortly after the August Monthly Rollup and Security-only patches were released, Microsoft put a freeze on systems running Symantec or Norton antivirus products.
The conflict stemmed from a long-anticipated change in the way Microsoft signed the August patches: Starting in August, all patches are signed using the SHA-2 encryption method. Somehow, Symantec didn’t get the message back in November that the shift was underway, and missed the deadline.
Microsoft offers free post-2020 Windows 7 support for Win 10 Enterprise subscribers
Credit to Author: Gregg Keizer| Date: Mon, 26 Aug 2019 03:00:00 -0700
Microsoft is giving away one year of post-retirement support for Windows 7 to customers with active Windows 10 subscriptions.
“Enterprise Agreement and Enterprise Agreement Subscription (EA and EAS) customers with active subscription licenses to Windows 10 Enterprise E5, Microsoft 365 E5, or Microsoft 365 E5 Security will get Windows 7 Extended Security Updates for Year 1 as a benefit,” Microsoft said in a FAQ about the end of support for Windows 7 and Office 2010.
Windows 10 Enterprise E5 and Microsoft 365 E5 are the top-tier subscriptions of the OS or packages that include the operating system. They are the highest-priced plans in their specific lines.