Infrastructure + Security: Noteworthy News (May, 2018)

Hi there! Stanislav Belov is here with the next issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers various areas, including interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds on a monthly basis. Enjoy!

Microsoft Azure
Azure confidential computing
The Azure team, alongside Microsoft Research, Intel, Windows, and our Developer Tools group, has been working to bring Trusted Execution Environments (TEEs) such as Intel SGX and Virtualization Based Security (VBS, previously known as Virtual Secure Mode) to the cloud. TEEs protect data being processed from access outside the TEE. We’re ready to share more details about our confidential cloud vision and the work we’ve done since the announcement.
The 3 ways Azure improves your security
As we all know, companies worldwide are challenged by the ongoing volume of evolving security threats and by the difficulty of retaining qualified security talent to respond to them. In fact, the average large organization gets 17,000 security alerts each week, which results in an average of 99 days to discover security breaches. That contrasts with the less than 48 hours it takes for a security breach to grow from one compromised system into a significantly broader issue.
Manage virtual machine access using just in time
Just in time virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.
Windows Server
Delegate WMI Access to Domain Controllers

Typically, in the Domain Admins group, you’ll see accounts used for monitoring, PowerShell queries, etc. Those accounts usually only need WMI access to pull information for monitoring or auditing. Following the principle of least privilege lets you still grant the access needed to watch your infrastructure without handing out privileges that could be compromised.

Windows Client
What’s new in the Windows 10 April 2018 Update

With this update, available as a free download today, you get new experiences that help minimize distractions and make the most of every moment by saving you time. Our hope is that you’ll have more time to do what matters most to you whether that’s to create, play, work, or simply do what you love.

Features removed or planned for replacement starting with Windows 10, version 1803

Each release of Windows 10 adds new features and functionality; we also occasionally remove features and functionality, usually because we’ve added a better option. Here are the details about the features and functionalities that we removed in Windows 10, version 1803 (also called Windows 10 April 2018 Update).

Security
Enhancing Office 365 Advanced Threat Protection with detonation-based heuristics and machine learning

Office 365 Advanced Threat Protection (ATP) uses a comprehensive and multi-layered solution to protect mailboxes, files, online storage, and applications against a wide range of threats. Machine learning technologies, powered by expert input from security researchers, automated systems, and threat intelligence, enable us to build and scale defenses that protect customers against threats in real-time.

Finally Remove Insecure LDAP and Protect your Credentials with Project VAST
The problem is with how the client asks for the data, specifically how it binds to the DC. Unless you’ve configured the DC to require signing, many clients are still sending unsigned traffic, which is susceptible to replay or attacker-in-the-middle attacks. This may result in nefarious activity such as modified packets, where a server, or even a person, makes decisions based on forged data.
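A PowerShell check a DC administrator can run to see whether the DC requires LDAP signing and which clients are still binding unsigned (an added example, not code from the post or from Project VAST; the registry paths and event IDs are the standard NTDS ones, and the regexes that parse the event 2889 text are an assumption about its standard English layout):

```powershell
# Added example (not from the original post or Project VAST). Run locally on a domain
# controller with rights to read the Directory Service event log.

# 1. Is the DC requiring signing? LDAPServerIntegrity: 0 or 1 = signing negotiated but
#    not required; 2 = required ("Domain controller: LDAP server signing requirements" GPO).
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$integrity = (Get-ItemProperty -Path $ntds -Name 'LDAPServerIntegrity' -ErrorAction SilentlyContinue).LDAPServerIntegrity
if ($integrity -eq 2) {
    Write-Output 'LDAP server signing: REQUIRED'
} else {
    Write-Output "LDAP server signing: NOT required (LDAPServerIntegrity = $integrity)"
}

# 2. Are per-client unsigned-bind events being logged at all? Event 2889 needs the
#    "16 LDAP Interface Events" diagnostics level set to 2 or higher; 2887 (a 24-hour
#    summary count) is logged whenever signing is not required.
$diag = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$level = (Get-ItemProperty -Path $diag -Name '16 LDAP Interface Events' -ErrorAction SilentlyContinue).'16 LDAP Interface Events'
if (-not $level -or $level -lt 2) {
    Write-Output "Per-client events (2889) disabled: '16 LDAP Interface Events' = $level (need 2)"
}

# 3. Collect the events and summarise who is still binding unsigned.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2887, 2889 } `
                       -MaxEvents 2000 -ErrorAction SilentlyContinue

$events | Where-Object Id -eq 2887 | Select-Object -First 1 | ForEach-Object {
    Write-Output "Latest 2887 summary ($($_.TimeCreated)):`n$($_.Message)"
}

# The 2889 message body carries the client address and the identity it bound as. The
# regexes assume the standard English message layout (an assumption, not verified against
# every OS build); unmatched messages are kept verbatim so nothing is silently dropped.
$unsigned = foreach ($e in ($events | Where-Object Id -eq 2889)) {
    $ip = if ($e.Message -match 'Client IP address:\s*(\S+)') { $Matches[1] } else { '?' }
    $id = if ($e.Message -match 'authenticate as:\s*([^\r\n]+)') { $Matches[1].Trim() } else { $e.Message }
    [pscustomobject]@{ Client = ($ip -replace ':\d+$', ''); Identity = $id; When = $e.TimeCreated }
}

$unsigned | Group-Object Client, Identity |
    Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'Client';   e = { $_.Group[0].Client } },
                         @{ n = 'Identity'; e = { $_.Group[0].Identity } },
                         @{ n = 'LastSeen'; e = { ($_.Group | Measure-Object When -Maximum).Maximum } } |
    Format-Table -AutoSize
```

The 2889 table is the worklist: fix those clients (or their service accounts) first, then set LDAPServerIntegrity to 2 so that unsigned binds are rejected rather than merely logged.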
Mail flow insights are available in Security & Compliance center
Admins can use the mail flow dashboard in the Office 365 Security & Compliance Center to discover trends and insights, and to take action on issues related to mail flow in their Office 365 organization.
Security baseline for Windows 10 “April 2018 Update” (v1803)
Microsoft on April 30, 2018, announced the final release of the security configuration baseline settings for Windows 10 April 2018 Update, also known as version 1803, Redstone 4, or RS4.
Building a world without passwords
Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that we’ve been busy at work trying to create a world without them – a world without passwords.
Microsoft Advanced Threat Analytics v1.9 released
We are pleased to announce a new release of Microsoft Advanced Threat Analytics (ATA) version 1.9. This release includes numerous new features and performance enhancements, making it an even more powerful security solution.
Vulnerabilities and Updates
Unable to RDP to Virtual Machine: CredSSP Encryption Oracle Remediation

With the release of the March 2018 Security bulletin, there was a fix that addressed a CredSSP, “Remote Code Execution” vulnerability (CVE-2018-0886) which could impact RDP connections.

.NET Framework May 2018 Security and Quality Rollup

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies.

Support Lifecycle
The end of support (EOS) for SQL Server and Windows Server 2008 and 2008 R2 is approaching rapidly:

  • July 9, 2019 – SQL Server 2008 and 2008 R2
  • January 14, 2020 – Windows Server 2008 and 2008 R2
Microsoft Premier Support News
Coming by popular demand from customers who have received the POP-Securing Lateral Account Movement (SLAM) offering, the Onboarding Accelerator – Securing Lateral Account Movement – Premium has now been released. This is a multi-week engagement in which Microsoft Premier Field Engineers support you in increasing your resiliency against critical credential theft attacks by implementing core mitigations in your production environments. Each of the services included in the Premium offering consists of a one-week engagement that matures your overall defense against attackers leveraging lateral account movement as a means of potentially devastating compromise; together these mitigations result in a defense-in-depth approach. Customers may elect to implement all three services (the Premium offering), any one of the individual services by itself, or any combination of the three.
Check out the Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.