Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

July, 2014

  • Now Available: Enhanced Mitigation Experience Toolkit (EMET) 5.0

    Today we are pleased to announce the general availability of our Enhanced Mitigation Experience Toolkit (EMET) 5.0. It has been almost five years since we released the first version of the tool, and so much has changed since then. Thanks to the overwhelming support, feedback and demand from our community, the tool has evolved quite a bit and now includes a number of new mitigations, expanded compatibility, a user-friendly UI, additional reporting capabilities, customer support through Microsoft Premier Support Services and more.

  • #TBT : Be Safer–Run as Standard User

    For #ThrowBackThursday, I thought it would be good to pull out an oldie but goodie. The original post is from back before the blog evolved into the Microsoft Security Blog and was still called “Jeff Jones Security Blog”. I’m including the full original text below, but this guidance applies today to whatever PC you are running. I hope you enjoy and welcome any comments you might have here or on @MSFTSecurity. Best regards, Jeff

    Be Safer - Run as Standard User

    I do my work...

  • New Strategies and Features to Help Organizations Better Protect Against Pass-the-Hash Attacks

    Posted by Matt Thomlinson, Vice President, Microsoft Security

    Today, we released new guidance to help our customers address credential theft, called Mitigating Pass-the-Hash and Other Credential Theft, version 2. The paper encourages IT professionals to “assume breach” to highlight the need for the use of holistic planning strategies and features in Microsoft Windows to become more resilient against credential theft attacks. This paper builds on our previously released guidance and mitigations for Pass-the-Hash (PtH) attacks. 

    Given that organizations must continue to operate after a breach, it is critical for them to have a plan to minimize the impact of successful attacks on their ongoing operations. Adopting an approach that assumes a breach will occur ensures that organizations have a holistic plan in place before an attack occurs. A planned approach enables defenders to close the seams that attackers are aiming to exploit.

    The guidance also underscores another important point: technical features alone may not prevent lateral movement and privilege escalation. In order to substantially reduce credential theft attacks, organizations should consider the attacker mindset and use strategies such as identifying key assets, implementing detection mechanisms, and having a breach recovery plan. These strategies can be implemented in combination with Windows features to provide a more effective defensive approach, and are aligned to the well-known National Institute of Standards and Technology (NIST) Cybersecurity Framework.

  • The Secret of the SDL

    “We all knew what the problems were, but the real issue was, things were getting worse and worse. How were we going to get ahead of this?  That’s what we really had to go fix.” – Steve Lipner, Partner Director of Program Management at Microsoft.

    When researchers at a small firm called eEye Digital Security noticed a nasty piece of self-replicating code known today as “Code Red,” little did they know that this worm, named after a flavor of Mountain Dew, would also kick off the tech industry’s best security model. It’s stories like this one, captured in the new in-depth magazine “Life in the Digital Crosshairs; the dawn of the Microsoft Security Development Lifecycle,” that chronicle how the Microsoft Security Development Lifecycle (SDL) has, for the past 10 years, been helping public and private organizations change their engineering cultures and develop more secure software.

    “Our Secure Product Lifecycle is analogous to Microsoft’s Security Development Lifecycle,” says Brad Arkin, chief security officer at Adobe. “We value this process and the information it helps protect.”