Archive for July, 2014

How to sign into devices that don’t accept security codes

July 31st, 2014

Two-step verification makes it more difficult for hackers to access your account, even when they have your password. If you turn on two-step verification, you’ll see an extra page every time you sign in on a device that isn’t trusted. The extra page prompts you to enter a security code to sign in. 

When you turn on two-step verification for your Microsoft account, it turns on two-step verification for all the places where you sign in with your Microsoft account. However, some apps (like the email apps on some smartphones) or devices (like the Xbox 360 console) can’t prompt you to enter a security code when you try to sign in, so they display an incorrect password or account error.

For example, if you’ve just turned on two-step verification, you might see the following error code and message when you try to sign in to Xbox Live: 

Account does not exist. 
Status Code: 8015D002

Create a unique app password to sign in

If you get an error like the one above with an app or device, you’ll need to create a unique app password to sign in. Once you’ve signed in with your app password, you can use that app or device. You’ll need to create and sign in with an app password one time for each app or device that can’t prompt you for a security code.

  1. Sign in to your Microsoft account.
  2. Under Password and security info, tap or click Edit security info. If you’re prompted for a security code here, enter it and tap or click Submit.
  3. Under App passwords, tap or click Create a new app password. A new app password is generated and appears on your screen.
  4. Switch to the app or device for which you need the password, and enter the app password that was generated.

To learn more about signing in to specific devices, see App passwords and two-step verification.

Get more answers to your questions about two-step verification

Categories: Microsoft, passwords

General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0

July 31st, 2014

Today, we are excited to announce the general availability of Enhanced Mitigation Experience Toolkit (EMET) 5.0. EMET is a free tool designed to help customers with their defense-in-depth strategies against cyberattacks by helping block and terminate the most common techniques adversaries might use in compromising systems. EMET 5.0 further helps to protect with two new mitigations, and with new capabilities giving customers additional flexibility in their deployments.

EMET helps to protect systems, even before new and undiscovered threats are formally addressed by security updates and antimalware software.

This is what some customers have said about EMET:

“EMET is not a policy-changing tool, but it might just be that additional piece of security software that is worth investing in.” – Wolfgang Kandek, Qualys, Windows EMET Tool Guards Against Java Exploits, 2014

“(The Java- and plugin-blocking feature should) effectively stymie most of the historical attack methods related to Java and Flash. Those two applications have historically caused a lot of heartburn for security teams.” – Andrew Storms, CloudPassage, Windows EMET Tool Guards Against Java Exploits, 2014

Let’s take a look at some of the key new capabilities in EMET 5.0:

Two new mitigations further expand EMET protections

Enhanced with the feedback that we received from EMET 5.0 technical preview participants, two new mitigations become generally available today.

First, the new Attack Surface Reduction (ASR) mitigation provides a mechanism to help block specific modules or plug-ins within an application, in certain conditions. For example, customers can now configure EMET to prevent their browser from loading Java plug-ins on external websites, while still continuing to allow Java plug-ins on their internal company websites.

Second, the brand new Export Address Table Filtering Plus (EAF+) mitigation introduces two new methods for helping disrupt advanced attacks. For example, EAF+ adds a new “page guard” protection to help prevent memory read operations, commonly used as information leaks to build exploits.

Also, with 5.0, four EMET mitigations become available on 64-bit platforms. You can read more on that and find a deep dive of all the new features on our Security Research and Defense (SRD) Blog.

New configuration options deliver additional flexibility

EMET 5.0 offers new user interface (UI) options so that customers can configure how each mitigation applies to applications in their environment, taking into account their enterprise frameworks and requirements. For example, users can configure which specific memory addresses to protect with the HeapSpray Allocation mitigation using EMET 5.0. We continue to provide smart defaults for many of the most common applications used by our customers.

Many enterprise IT professionals deploy EMET through Microsoft System Center Configuration Manager and apply Group Policies in Windows Active Directory to comply with enterprise account, user, and role policies. With version 5.0, propagating EMET configuration changes via Group Policy becomes even easier, as we have improved how EMET handles configuration changes, when applied in an enterprise network.

The new Microsoft EMET Service is another feature our enterprise customers will find helpful in monitoring status and logs of any suspicious activity. With this new service, our customers can use industry standard processes, such as Server Manager Dashboard of Windows Server, for monitoring.

Additionally, with EMET 5.0, we have improved the Certificate Trust feature: users can now turn on a setting that blocks navigation to websites with untrusted, fraudulent certificates, helping protect against man-in-the-middle attacks.

New default settings provide protections from the get-go

EMET’s Deep Hooks capability helps protect the interactions between an application and the operating system. In EMET 5.0, Deep Hooks is turned on by default, helping provide stronger protections by default. Furthermore, this default setting is now compatible with a wider range of productivity, security and business software.

Since we released EMET 5.0 Technical Preview in February this year, our customers and the community showed strong interest. Through user forums and Microsoft Premier Support Services, which assists enterprise EMET users, we received valuable feedback to shape the product roadmap ahead.

Along the same lines, we invite you to download EMET 5.0 and let us know what you think.

Protect your enterprise. Deploy EMET today.

Thanks,

Chris Betz
Senior Director, MSRC

Categories: EMET, Mitigations

2915720 – Changes in Windows Authenticode Signature Verification – Version: 1.4

Revision Note: V1.4 (July 29, 2014): Revised advisory to announce that Microsoft no longer plans to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. It remains available as an opt-in feature. See the Advisory FAQ section for more information.
Summary: Microsoft is announcing the availability of an update for all supported releases of Microsoft Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with Security Bulletin MS13-098, but will only be enabled on an opt-in basis. When enabled, the new default behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure, and Windows will no longer recognize non-compliant binaries as signed.


HOW TO: Remove the MS Removal Tool

July 29th, 2014

The “MS Removal Tool” or MSRemovalTool is malware. It is not a Microsoft product. This kind of malware is known as “rogue security software” because it imitates a real product, in this case the Microsoft Malicious Software Removal Tool.

If you’re infected with this malware you might see a MS Removal Tool window when you start your computer and you might not be able to access your desktop. You might not be able to start Task Manager, and you might not be able to open Internet Explorer or any other programs.

Microsoft security software detects and removes this threat, but if you already have it you might need to boot your computer into Safe Mode in order to remove it.

Learn how to remove the MS Removal Tool

MS13-098 – Critical: Vulnerability in Windows Could Allow Remote Code Execution (2893294) – Version: 1.6

Severity Rating: Critical
Revision Note: V1.6 (July 29, 2014): Revised bulletin to announce that Microsoft no longer plans to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. It remains available as an opt-in feature.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.


MS14-JUL – Microsoft Security Bulletin Summary for July 2014 – Version: 1.1

Revision Note: V1.1 (July 29, 2014): For MS14-037, added an Exploitability Assessment in the Exploitability Index for CVE-2014-4066. This is an informational change only.
Summary: This bulletin summary lists security bulletins released for July 2014.

MS14-037 – Critical: Cumulative Security Update for Internet Explorer (2975687) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (July 29, 2014): Corrected the severity table and vulnerability information to add CVE-2014-4066 as a vulnerability addressed by this update. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
Summary: This security update resolves one publicly disclosed vulnerability and twenty-four privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.


MS14-036 – Critical: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487) – Version: 1.2

Severity Rating: Critical
Revision Note: V1.2 (July 28, 2014): Corrected the update replacements for the Windows Vista (Windows GDI+) (2957503) update and the Windows Server 2008 (Windows GDI+) (2957503) update. This is an informational change only.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user opens a specially crafted file or webpage. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


What you need to know about privacy and security in OneDrive

July 24th, 2014

OneDrive is free online storage that’s built into Windows 8.1 and Windows RT 8.1. Add files from your PC to OneDrive, and then easily access your photos, music, documents, and other files on all the devices you use.

How you can help protect your privacy and security in OneDrive

Create a strong password for your Microsoft Account. You sign into OneDrive with your Microsoft Account. Here is some basic guidance on how to create a strong password for that account. Different sites have different rules for passwords that they’ll accept, but this guidance should work anywhere you need to create a password:

  • Length. Make your passwords at least eight (8) characters long.
  • Complexity. Include a combination of at least three (3) uppercase and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.
  • Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites. Check the strength of your password.

Manage who can view or edit your OneDrive files. By default, your OneDrive files are available to you, although you can choose to share photos, documents, and other files. To share files or folders, right-click them and choose how you want to share them.

Add security info to your Microsoft account. You can add information like your phone number, an alternate email address, and a security question and answer to your account. That way, if you ever forget your password or your account gets hacked, we can use your security info to verify your identity and help you get back into your account. Go to the Security info page.

Use two-step verification. This helps protect your account by requiring you to enter an extra security code whenever you sign in on a device that isn’t trusted. For more information about two-step verification, see Two-step verification: FAQ.

Back up your OneDrive files. For details about using File History in Windows, see Set up a drive for File History.

For more information about how Microsoft helps keep your files safe in the cloud, see Privacy in OneDrive.

Is Windows Security Center real or rogue?

July 22nd, 2014

A reader writes:

What kind of warnings from Windows Security Center are real, and what should I do about them?

Windows Security Center is a feature that was introduced in Windows XP Service Pack 2 and was also included in Windows Vista. (Action Center replaced Windows Security Center in Windows 7.)

Security Center checks the security status on your computer, including:

  • Firewall settings

  • Windows automatic updating

  • Antivirus software settings

  • Internet security settings

  • User Account Control settings

If Security Center detects a security problem, it displays a notification and puts a Security Center icon in the notification area. Click the notification or double-click the Security Center icon to open Security Center and get information about how to fix the problem.

Is Windows Security Center a virus?

In the years since Security Center was introduced, cybercriminals have created several different kinds of malware that look like Security Center or have the same name. If you have this malware on your computer, it might lure you into a fraudulent transaction, steal your personal information, or slow down your computer. This kind of malware is called “rogue security software.” Learn how to spot and avoid these fake virus alerts.

How do I know if the warnings are real?

  1. If you think a warning looks suspicious, the first thing you can do is run antivirus software on your computer, which might let you know if you have a virus. Learn more about antivirus software for your operating system.
  2. To check your knowledge of real security warnings and fake security warnings, and to learn how to help protect your computer and personal information, take our quiz.

2982792 – Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.0

Revision Note: V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for supported editions of Windows Server 2003. For more information, see the Suggested Actions section of this advisory.
Summary: Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The SSL certificates were improperly issued by the National Informatics Centre (NIC), which operates subordinate CAs under root CAs operated by the Government of India Controller of Certifying Authorities (CCA), which are CAs present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.


9 ways to stay safe online this summer

July 17th, 2014

Summer is in full swing. Here are our best safety and security tips for the season.

  1. Don’t broadcast vacation plans on your social networking sites. If you’re leaving your home unoccupied and at risk for potential burglary, you might want to wait to post your vacation photographs until you return home. Get more tips for email and social networking safety.

  2. Limit who knows your location. Before you go on vacation, take a few minutes to adjust settings for sharing your location on your social networking sites and any apps on your smartphone. If you have kids who go online, make sure they know this, too. For more information, see Use location services more safely.

  3. Set computer and device rules for when you’re not around. If your kids are old enough to stay home alone when they’re not at school, make sure you talk to them about Internet safety. Download our tip sheet for pointers to jump-start—or continue—online safety conversations.

  4. Learn how to use parental controls. All Microsoft products include built-in privacy controls and safeguards that put you in charge of your children’s entertainment experiences and allow you to customize how personal information is, or is not, shared. Get step-by-step guidance on how to switch on safety settings across Microsoft technology and devices at home.

  5. Stay safe when playing games online. If your children’s summer sport of choice is the Xbox, Xbox One, Kinect, or other online or console game, learn about the core family safety features of Xbox One and find other ways to help kids play it safe.

  6. Update your software on your laptop or tablet. Before you go on vacation, make sure all your software is updated, to help prevent problems caused by hackers. If your laptop is still running Windows XP, read about the end of support for Windows XP.

  7. Check the security level of public Wi-Fi networks before you use them. Choose the most secure connection—even if that means you have to pay for access. A password-protected connection (ideally one that is unique for your use) is better than one without a password. Both Windows 7 and Windows 8 can help you evaluate and minimize network security risks.

  8. Avoid typing sensitive information on your laptop using an unsecured wireless connection. If possible, save your financial transactions for after your summer vacation on a secured home connection. For more information, see How to know if a financial transaction is secure.

  9. Watch out for suspicious messages from your friends on vacation asking for money. This is a common scam cybercriminals use when they’ve hacked into someone’s account. Find a different way to contact your friend. Learn more about scam email messages.
