Microsoft

How to configure warning messages for Office 365 emails from external senders

As a security precaution, it’s a good idea to remind your staff not to open attachments from unknown senders. One easy way to implement this in Office 365 is by setting up a mail flow rule in the Exchange admin center. If you have ever set up a Disclaimer mail flow rule, the setup is almost identical. In this tutorial, we’ll cover how to set up your own warning message for all external email sent to users inside your organization.

Steps to Configure Attachment Security in Office365

1. Log in to your Office 365 Admin account at: https://portal.office.com
2. Select Admin [...]

May 10th, 2018 | Microsoft, Phishing, Viruses, Vulnerabilities

Best Practice: Securing Windows Service Accounts and Privileged Access – Part 2

In the first post I covered best practices for securing service accounts. In this post, I am going to discuss some key elements in securing privileged access. Keep in mind, Microsoft has published a comprehensive guide to securing an Active Directory. Many of these things will require additional work on the front end, but that is usually due to poor existing practices. Once processes are in place, these key components should not add significant overhead to administrative tasks.

No users should regularly reside in Domain Admins (DA) or Enterprise Admins (EA) groups

Straight from the horse's mouth: As [...]

February 18th, 2016 | Asset Management, Compliance, Computer & Network Security, Microsoft

Best Practice: Securing Windows Service Accounts and Privileged Access – Part 1

I recently had a client ask me about our recommendations for securing service accounts within Active Directory. We talked for a bit, and then I decided to write them down. This post will have two parts: the first part is for Service Accounts, and the second post will be about privileged accounts.

What is the minimum privilege needed?

If the account will only use local resources on a single device, use a local account on that device.

If the account needs permission to see users, computers, groups, etc., use a domain service account.

When only read access to [...]

February 18th, 2016 | Asset Management, Compliance, Computer & Network Security, Microsoft

Now It’s Microsoft’s Turn, SSL Vulnerability in SCHANNEL

It's official: all major SSL stacks are now vulnerable. There are already a number of detailed blogs written about this new vulnerability, so I am not going to rewrite all of the details. I am going to sum it up and bottom line it for you. Here is a good detailed account of the issue if you are interested.

SCHANNEL is to Windows what OpenSSL is to Linux. It is used in almost all instances where Windows is listening for SSL traffic. Many people are claiming this is something that needs to be pushed out asap, but as [...]

November 12th, 2014 | Microsoft, Microsoft Security Bulletin, Patches

Microsoft Security Bulletin: May 2014

Critical Updates: 3
Important Updates: 6

Of the 3 critical updates, all three are likely exploitable according to Microsoft. Our recommendation is to install all three patches, one of which is the recent out-of-band patch for the Internet Explorer zero-day. Note: Some of these updates do require a restart.

Some of the vulnerabilities, such as one for Microsoft SharePoint Server, have a more limited scope than those targeting IE, such as the updates that address memory corruption vulnerabilities in Internet Explorer. The IE vulnerabilities are more likely to be exploited and will impact many more devices.

For more information: https://technet.microsoft.com/library/security/ms14-may

Internet Explorer Zero Day – Emergency Patch Released, includes XP

UPDATED 5/1/2014: Microsoft has released an emergency out-of-band update for Internet Explorer that resolves this issue. They are including updates to IE in Windows XP as well. We recommended deploying this update as soon as possible.

Microsoft released an advisory on April 26th:

Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been [...]

Windows 8.1, Server 2012 R2 no longer receiving updates

Microsoft has said that Windows 8.1 and Server 2012 R2 will no longer receive updates unless they have the April 2014 updates installed. In other words, you can wait until November to install the April update, but you will not receive any of the updates released from May through November until the April patch is installed.

In a recent security update from Microsoft, Steve Thomas at Microsoft posted a TechNet article stating that Microsoft will no longer issue security patches for Windows 8.1 or Windows Server 2012 R2, starting in May, because "Microsoft wants to ensure that customers benefit from the best support and [...]

April 23rd, 2014 | Computer & Network Security, Microsoft, Patches

Microsoft Word Zero Day – Confirmed Attacks

Microsoft released a zero-day advisory for Microsoft Word. According to Microsoft, "At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer."

A patch should be released on April 8th, Patch Tuesday. For now, an immediate mitigation is to disable opening RTF content in Microsoft Word, which prevents the exploitation of this issue [...]

March 2014 Microsoft Security Bulletin Release

For this month’s round of patches Microsoft has released five new security bulletins, two of which are for critical vulnerabilities.  The first critical update is a cumulative security update which resolves numerous vulnerabilities that could allow remote code execution in both workstation and server operating systems.  The second update is an update specifically for Microsoft DirectShow which could also allow remote code execution in both workstation and server operating systems. In addition to the security bulletins, Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool, and re-released a security advisory update for vulnerabilities in Adobe [...]

Microsoft January Security Bulletin

Today Microsoft released four security bulletins. All five have a maximum severity rating of Important.

Source: https://technet.microsoft.com/en-us/security/bulletin/ms14-jan