SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!

Hello, The baselines for Windows 8.1, IE 11 and Server 2012 are now available for download. You can download these via 2 methods. The simplest is to open the SCM tool and select the option to "Download Microsoft baselines automatically". The other option is to download the CAB file manually and import them into…

Blocking Remote Use of Local Accounts

The use of local accounts for remote access in Active Directory environments is problematic for a number of reasons. By far, the biggest problem is that when an administrative local account has the same user name and password on multiple machines, an attacker with administrative rights on one machine can easily obtain the account’s password…

What's New in Recommended Security Baseline Settings for Windows 8.1, Windows Server 2012 R2, and Internet Explorer 11

The attachment on this post describes what's new in the security baseline recommendations for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11, relative to the baselines published for Windows 8, Windows Server 2012 and Internet Explorer 10.  It is included as a Word document in the download from yesterday's announcement blog post.  We are posting the document here…

Configuring Account Lockout

We can recommend an ideal configuration for most of the settings in our security guidance. For example, the “Debug programs” privilege should be granted to Administrators and to no one else. For account lockout, however, there is no “one size fits all” setting, but there’s a lot of heated discussion whenever anyone tries to pick…

Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta

We have made a small number of changes in the baseline security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 since we released the beta version of our guidance last April. This blog post discusses those changes and the reasons for them. Account Lockout Threshold: we’re changing the incorrect-password threshold that…

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

Microsoft is pleased to announce the final release of security baseline settings for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11. Some of the highlights of the new security baselines (many of which we intend to backport to older versions of Windows and IE): Use of new and existing settings to help block…

SCM baselines for Office 2013 have now shipped!

Hello, The Office 2013 SCM baselines are now live and ready for download. There are 2 ways you can download the CAB files. The simplest will be to open the SCM tool and it will automatically discover that there are new baselines available to download and import and then simply follow the wizard in SCM….


SCM Office 2013 Beta is now live!

Hello, We have released the SCM beta for Office 2013 on the Connect site. This is a public beta that anyone can participate in, but it will require you to join the program before you can get access to the files. To join the program, you will need a LiveID. To sign up…


Why We’re Not Recommending “FIPS Mode” Anymore

In the latest review of the official Microsoft security baselines for all versions of Windows client and Windows Server, we decided to remove our earlier recommendation to enable “FIPS mode”, or more precisely, the security option called “System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.”  In our previous guidance we had recommended…
