How to move users to the Outlook app with Intune
Microsoft is turning off basic authentication, so it’s wise to move mobile users to the Outlook app to better protect them from attackers.
Computer Security Articles
RSS Reader for Computer Security Articles
windows
Microsoft releases emergency IE patches inside 'optional, non-security' cumulative updates
Credit to Author: Woody Leonhard| Date: Tue, 24 Sep 2019 12:13:00 -0700
I’ve seen a lot of confusion about the security hole known as CVE-2019-1367 and what normal Windows customers should do about it. Part of the reason for the confusion is the way the fix was distributed – the patching files were released on Monday, Sept. 23, but only via manual download from the Microsoft Update Catalog.
On a Monday.
In the past few hours, Microsoft released a hodge-podge of patches that seem to tackle the problem. They’re “optional non-security” and “Monthly Rollup preview” patches, so you won’t get them unless you specifically go looking for them.
Microsoft delivers emergency security update for antiquated IE
Credit to Author: Gregg Keizer| Date: Tue, 24 Sep 2019 03:00:00 -0700
Microsoft on Monday released an emergency security update to patch a vulnerability in Internet Explorer (IE), the legacy browser predominantly used by commercial customers.
The flaw, which was reported to Microsoft by Clement Lecigne, a security engineer with Google’s Threat Analysis Group (TAG), has already been exploited by attackers, making it a classic “zero-day,” a vulnerability actively in use before a patch is in place.
In the security bulletin that accompanied the release of the IE patch, Microsoft labeled the bug a remote code vulnerability, meaning that a hacker could, by exploiting the bug, introduce malicious code into the browser. Remote code vulnerabilities, also called remote code execution, or RCE, flaws, are among the most serious. That seriousness, as well as the fact that criminals are already leveraging the vulnerability, was reflected in Microsoft’s decision to go “out of band,” or off the usual patching cycle, to plug the hole.
How to monitor Windows to prevent credential theft attacks
Attackers are now enabling WDigest credential caching to allow them to harvest credentials. Here’s how to spot it.
September, 2019 Patch Tuesday updates a raft of Windows weaknesses
Credit to Author: alexandrebecholey| Date: Sat, 14 Sep 2019 16:38:03 +0000
With nearly 80 major vulnerabilities addressed, this is not an update cycle you want to skip<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/Pn6Elf2PeyI” height=”1″ width=”1″ alt=””/>
Read MoreHeads up: Microsoft is back to snooping with this month’s Win7 and 8.1 'security-only' patches
Credit to Author: Woody Leonhard| Date: Thu, 12 Sep 2019 09:32:00 -0700
Two months ago, the July Win7 security-only patch was found to install telemetry software, triggered by newly installed scheduled tasks called ProgramDataUpdater, Microsoft Compatibility Appraiser, and AitAgent. As best I can tell, Microsoft never admitted that its security-only patch dropped a telemetry component.
The August security-only update didn’t include that bit of snooping, so it looked like the July snooping was a one-off aberration.
Windows 10 1909: What's in it for enterprises?
Credit to Author: Gregg Keizer| Date: Wed, 11 Sep 2019 14:51:00 -0700
This fall's update for Windows 10 may not include a raft of new features, but it does offer something even more important to enterprise IT: extended support that should make future upgrades easier to manage.
Read MoreHow to set up Microsoft Teams for security and compliance
These are the security and compliance decisions you need to make when deploying Microsoft Teams.