Wednesday, March 23, 2016

Microsoft Security Newsletter - March 2016



 
 
March 2016
Microsoft Security Newsletter
 
 
Spring is here, and so is March's Security Newsletter!
I spoke at the Cloud Security Alliance Summit held in San Francisco a few weeks ago and had the opportunity to participate in a panel discussion on cloud security, and to discuss lessons learned from a cloud services provider's point of view. The panel was moderated by Robert Herjavec, CEO of the Herjavec Group and star of ABC's Shark Tank. Robert was a gracious and fun moderator to work with; I survived the panel without a shark bite!

The next day, Brad Smith, Microsoft President and Chief Legal Officer, delivered a keynote at the RSA Conference on "Trust in the Cloud in Tumultuous Times". There were several Microsoft sessions throughout the week at the conference, including SaaS Attacks Happen: How Cloud Scale Changes the Security Game and Mark Russinovich's Machine Learning and the Cloud: Disrupting Threat Detection and Prevention.

The theme of this month's newsletter is enterprise mobility – a topic that I know so many CIOs and CISOs are interested in. Brad Anderson, Corporate Vice President, Enterprise and Client Mobility has been blogging a lot on this topic and I always learn something from him. I recommend checking out his In the Cloud blog and the resources featured in this month's newsletter for tips on security, mobile device management, and more.

Tim Rains Best regards,
Tim Rains
Director, Security, Microsoft

Want to share this newsletter with a friend or colleague? Click here for the online edition and subscription options.
Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.com and share your ideas.

 
Top Stories
 
Progress Report: Enterprise Security for Our Mobile-First, Cloud-First World
Learn about new Microsoft security capabilities, products and features designed to help our customers accelerate the adoption of a more holistic security posture that helps protect, detect and respond to modern security threats.

Microsoft Bounty Programs Announce Expansion – Bounty for Microsoft OneDrive
Microsoft OneDrive has now been added to the Microsoft Online Services Bug Bounty Program. The bounty program enables individuals across the globe to earn a bounty on submitted vulnerabilities for participating services and products provided by Microsoft. Learn more about this opportunity.

New Secure Development at Microsoft Blog
Check out this new developer-focused security blog for information about new security tools, services, open source projects, and best development practices. Blog posts will be written by Microsoft engineers to give you the right level of technical depth you need to integrate security assurance into your projects right away.

The Trusted Cloud: What Do Privacy and Control Really Mean?
The cloud is a powerful game-changer for businesses all over the world, but with that power comes great responsibility. Managing the volume, variety, and disparate sources of data generated through mobile devices and other activities is a global challenge for your enterprise. Explore Microsoft's Trusted Cloud principles.

 
Security Guidance
Microsoft Enterprise Mobility Suite 30-Day Trial
Test drive Microsoft Enterprise Mobility Suite (EMS) free for 30 days. Your free trial will include Azure Active Directory Premium, Microsoft Intune, and Azure Rights Management.

Windows 10 Mobile Security Guide
Get a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security. Looking for more information? Learn about settings and quick actions that can be locked down in Windows 10 Mobile then learn how to configure Windows 10 Mobile using Lockdown XML or manage identity verification using Microsoft Passport. For details on how to deploy, configure, maintain, and support phones and small tablets running Windows 10 Mobile, see Windows 10 Mobile and mobile device management.

Mobile Device Management Design Considerations Guide
Learn how to understand your MDM design requirements and find steps and tasks that you can follow to design a MDM solution that best fits the business and technology needs for your organization.

Protect Data and Devices with Microsoft Intune
Find a quick overview of common user scenarios that might present a danger to your network and data, then move on to detailed guidance on how you can protect against them using Microsoft Intune.

What Is Azure RemoteApp?
Azure RemoteApp helps you provide secure, remote access to applications from many different user devices. Explore real world scenarios, best practices, and tips on how to create either a cloud or hybrid collection of Azure RemoteApp.

Microsoft EMS Resources
Find how-to sessions to help you leverage enterprise mobility technologies and read real use cases to help you plan and build enterprise mobility into your infrastructure.

Microsoft Advanced Threat Analytics
Microsoft Advanced Threat Analytics (ATA) helps you identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline. Find out how it works and what threats it looks for, and get answers to common questions. Want to deploy ATA in your organization? Read the deployment guide and operations guide for step-by-step instructions.

 
This Month's Security Bulletins
 
March 2016 Security Bulletins

Critical
 
MS16-023: 3142015 Cumulative Security Update for Internet Explorer
 
MS16-024: 3142019 Cumulative Security Update for Microsoft Edge
 
MS16-026: 3143148 Security Update for Graphic Fonts to Address Remote Code Execution
 
MS16-027: 3143146 Security Update for Windows Media to Address Remote Code Execution
 
MS16-028: 3143081 Security Update for Microsoft Windows PDF Library to Address Remote Code Execution
 
MS16-036: 3144756 Security Update for Adobe Flash Player

Important
 
MS16-025: 3140709 Security Update for Windows Library Loading to Address Remote Code Execution
 
MS16-029: 3141806 Security Update for Microsoft Office to Address Remote Code Execution
 
MS16-030: 3143136 Security Update for Windows OLE to Address Remote Code Execution
 
MS16-031: 3140410 Security Update for Microsoft Windows to Address Elevation of Privilege
 
MS16-032: 3143141 Security Update for Secondary Logon to Address Elevation of Privilege
 
MS16-033: 3143142 Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege
 
MS16-034: 3143145 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege
 
MS16-035: 3141780 Security Update for .NET Framework to Address Security Feature Bypass
 
March 2016 Security Bulletin Resources:
 
March 2016 Security Update Release Summary
Malicious Software Removal Tool: March 2016 Update

 
Security Events and Training
 
Can't Miss! Microsoft Virtual Security Summit
March 29, 2016 – 9:00AM Pacific Time

With the threat of cyberattacks against corporations, government agencies and nonprofits looming, it's imperative to understand how cybercriminals have evolved and learn best practices to keep your organization safe. Join us to hear from leading security experts who can equip you with the tools and knowledge necessary to protect your organization. Reserve your spot now!

Enterprise Mobility Suite: Beyond "Bring Your Own Device"
Get an in-depth look at supporting services and infrastructure to further implement, manage, and protect your technology assets through on-premises and user-owned technologies and devices.

Anatomy of a Breach: How Hackers Break In
Do you know how a security breach actually happens? How hackers get a foothold, and what they do once they're in? Watch this webinar for information to learn about common ways hackers get into your network, how hackers set up and manage long-term attacks, and the steps you can take to prevent an attack.

TechNet Virtual Conference: Security and Patching Vulnerabilities
Get the latest insights and guidance on patching vulnerabilities with this on demand session from Tim Rains.

 
 
Essential Tools
 
Microsoft Security Bulletins
 
Microsoft Security Advisories
 
Microsoft Security Development Lifecycle Starter Kit
 
Enhanced Mitigation Experience Toolkit
 
Malicious Software Removal Tool
 
Microsoft Baseline Security Analyzer
Security Centers
 
Security TechCenter
 
Security Developer Center
 
Microsoft Security Response Center
 
Microsoft Malware Protection Center
 
Microsoft Privacy
 
Microsoft Security Product Solution Centers
Additional Resources
 
Microsoft Cybertrust Blog
 
Microsoft Azure Security Blog
 
Microsoft Security Intelligence Report
 
Microsoft Security Development Lifecycle
 
Malware Response Guide
 
Security Troubleshooting and Support Resources
 
 
technet.microsoft.com/security  
 
 
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2016 Microsoft Corporation Terms of Use | Trademarks

Microsoft respects your privacy. To learn more please read our online Privacy Statement.

If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please click here. These settings will not affect any other newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services.

To set your contact preferences for other Microsoft communications click here.

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA
 
 

Your cOmment"s Here! Hover Your cUrsOr to leave a cOmment.


Subscribe to: Post Comments (Atom)