Monday, March 30, 2015

Microsoft Security Newsletter - March 2015



 
 
Trustworthy Computing | March 2015
Microsoft Security Newsletter
 
 
Welcome to March 2015's Security Newsletter!
This month, we are highlighting the security controls available in Office 365, with a focus on the built-in mobile device management (MDM) capabilities now available for Office 365. With MDM for Office 365, you can manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices. More importantly, the built-in MDM features are included at no additional cost in all Office 365 commercial plans, including Business, Enterprise, EDU, and Government plans.

If you are looking for protection beyond what's included in Office 365, you can subscribe to Microsoft Intune, part of the Microsoft Enterprise Mobility Suite, and receive additional device and application management capabilities for phones, tablets and PCs. To learn more, check out the new Enterprise Mobility Suite webinar series. Each month, there will be one webinar based on the solutions and the big picture for enterprise mobility, and a second, deeper dive webinar on specific product features and how-to guidance.

Also, if you haven't done so already, register for Microsoft Ignite this May to get up to speed on security best practices for Office 365 and enterprise mobility as well as the latest in client, server, browser, network, cloud, and app security technologies and practices. Not able to attend in person this year? Stay tuned for details on how to watch on-demand sessions after the event.

Tim Rains Best regards,
Tim Rains, Chief Security Advisor
Cybersecurity & Cloud Strategy, Microsoft

Want to share this newsletter with a friend or colleague? Click here for the online edition and subscription options.
Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.com and share your ideas.

 
Top Stories
 
EMET 5.2 Now Available
Enhanced Mitigation Experience Toolkit (EMET) 5.2 includes increased security protections to improve your security posture, such as Control Flow Guard, improvements to the configuration for Attack Surface Reduction (ASR) mitigation, and full support for reporting from Modern Internet Explorer, or Desktop IE with Enhanced Protected Mode enabled.

Updated White Paper on Microsoft Azure Network Security
Download the latest version of this white paper, which now includes guidance on how to use Azure's native network security features to help protect your information assets.

 
Security Guidance
Office 365 Security and Compliance
Quickly access more information on the features in Office 365 that are available to help you with fulfill your organization's security and compliance needs from anti-spam and anti-malware protection to encryption and Information Rights Management.

Overview of Mobile Device Management for Office 365
You can manage and secure mobile devices when they're connected to your Office 365 organization by using Mobile Device Management for Office 365. Get a quick overview of setup steps for admins plus a summary of device management tasks and where you'll go to perform them.

Capabilities of Mobile Device Management for Office 365
Mobile Device Management for Office 365 can help you secure and manage mobile devices like iPhones, iPads, Androids, and Windows Phones used by licensed Office 365 users in your organization. Find out which devices are supported and explore policy settings, security settings, and more.

Choosing Between Microsoft Intune and Built-in MDM for Office 365
As an IT purchasing manager or an IT administrator, you might have questions about which cloud-based Microsoft mobile device management solution is the best fit for your needs. This article compares the capabilities of Built-in Mobile Device Management for Office 365 to the capabilities of Microsoft Intune to help you to make this decision.

 
Community Update
Office 365 Trust Center: Top 10 Lists
Need to determine the security and trustworthiness of cloud productivity services and choose a cloud service provider that meets your security expectations? Based on community feedback and real-world customer experiences, these top-ten lists, which include "Top questions you should ask a cloud service provider when you are considering the cloud for your IT services, and how Microsoft Office 365 answers these questions," can help you focus on the key privacy and security considerations that should inform your decision.

 
This Month's Security Bulletins
 
March 2015 Security Bulletins

Critical
 
MS15-018: 3032359 Cumulative Security Update for Internet Explorer
 
MS15-019: 3040297 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution
 
MS15-020: 3041836 Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution
 
MS15-021: 3032323 Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution
 
MS15-022: 3038999 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

Important
 
MS15-023: 3034344 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege
 
MS15-024: 3035132 Vulnerability in PNG Processing Could Allow Information Disclosure
 
MS15-025: 3038680 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
 
MS15-026: 3040856 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege
 
MS15-027: 3002657 Vulnerability in NETLOGON Could Allow Spoofing
 
MS15-028: 3030377 Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass
 
MS15-029: 3035126 Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure
 
MS15-030: 3039976 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service
 
MS15-031: 3046049 Vulnerability in Schannel Could Allow Security Feature Bypass
 
March 2015 Security Bulletin Resources:
 
March 2015 Bulletin Release Blog Post
Malicious Software Removal Tool: March 2015 Update

 
Security Events and Training
 
The Garage Series for Office 365: Assessing the Top 5 Cloud Security Threats with Mark Russinovich
Learn about the most frequently discussed cloud security threats then listen as Microsoft Technical Fellow Mark Russinovich describes each threat and how Microsoft architects its cloud services to maximize data security and protect against data loss. You'll also get pro tips to help you protect against credential loss and contain the risk of user-driven shadow IT.

Microsoft Ignite
May 4-8, 2015 – Chicago, IL
Ready to explore the latest security and access management technologies? Want to dive deep and learn how to improve the security of your IT infrastructure as well as the devices you manage and the apps you create? Register for Microsoft Ignite 2015 for access to more than 70 sessions on everything from SharePoint data security and next-generation malware detection to secure development best practices for web and cross-platform mobile apps.

Here is just a sample of the sessions you could attend:

Windows 10: Security Internal
Browser Security
How You Can Hack-Proof Your Clients and Servers in a Day
Configuring Corporate-Owned Mobile Devices with Microsoft Intune
Experts Unplugged: Office 365 Security
Microsoft Identity Platform for Developers – Overview and Roadmap


 
 
Essential Tools
 
Microsoft Security Bulletins
 
Microsoft Security Advisories
 
Microsoft Security Development Lifecycle Starter Kit
 
Enhanced Mitigation Experience Toolkit
 
Malicious Software Removal Tool
 
Microsoft Baseline Security Analyzer
Security Centers
 
Security TechCenter
 
Security Developer Center
 
Microsoft Security Response Center
 
Microsoft Malware Protection Center
 
Microsoft Privacy
 
Microsoft Security Product Solution Centers
Additional Resources
 
Microsoft Cybertrust Blog
 
Microsoft Security Intelligence Report
 
Microsoft Security Development Lifecycle
 
Malware Response Guide
 
Security Troubleshooting and Support Resources
 
 
microsoft.com/about/twc Trustworthy Computing
 
 
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2014 Microsoft Corporation Terms of Use | Trademarks

Microsoft respects your privacy. To learn more please read our online Privacy Statement.

If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please click here. These settings will not affect any other newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services.

To set your contact preferences for other Microsoft communications click here.

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA
 
 

Your cOmment"s Here! Hover Your cUrsOr to leave a cOmment.


Subscribe to: Post Comments (Atom)