Uncategorized

Microsoft Windows Defender ATP

What’s new in Windows Defender ATP Fall Creators Update:
When we introduced Windows Defender Advanced Threat Protection (Windows Defender ATP), our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in our product evolution as we offer a set of new prevention capabilities designed to stop attacks as they happen and before they have impact. This means that our service will expand beyond detection, investigation, and response, and will now allow companies to use the full power of the Windows security stack for preventative protection. The stack will be powered by our cloud-based security intelligence, which moves us from a world of isolated defenses to a smart, interconnected, and coordinated defense grid that is more intelligent, simple to manage, and ever-evolving. We will also provide a single pane of glass experience for security professionals. This means that security management (SecMgmt) teams can easily configure a broad set of Windows security stack technologies through an integrated configuration management experience. Security operations (SecOps) teams get full visibility into their Windows endpoint security and a rich toolset to take action using the Windows Defender ATP console. This will not only give companies a full picture of what’s happening on their endpoints, but will also put them in the driver seat to quickly react to threats as they happen. Leveraging our cloud-based security intelligence gives the optics, context, and tools that companies need to quickly investigate and remediate incidents. Here are some highlights of the Windows Fall Creators Update:[…]

https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/

https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp

 

Standard
Uncategorized

Adaptiva Secure 10: BIOS to UEFI

New registration-required freeware from Adaptiva:

Adaptiva’s free Secure 10 is a complete automation solution for ConfigMgr admins to make the BIOS to UEFI conversion process simple and unattended. With Secure 10, migrations take much less time and no IT staff need to be on-site during the process. Now including support for new MBR2GPT.exe tool for retaining data while making the switch, as well as ConfigMgr 1610+ WinPE boot image pre-staging. Also new: two complete task sequences to save time integrating into your deployments! […] The open solution includes detailed documentation to help SCCM system administrators overcome the complexities of automating the conversion from:

* BIOS to UEFI – Secure 10 automates the conversion process from the legacy BIOS firmware typically used in Windows 7/8 systems to the more powerful Unified Extensible Firmware Interface (UEFI) technology. UEFI is required to enable key enterprise security features available in Windows 10.

* MBR to GPT – Secure 10 now includes support for the MBR2GPT.exe tool, which helps convert the disk layout on a PC from the legacy Master Boot Record (MBR) to GUID Partition Table (GPT). The new tool is the only Microsoft-supported tool to convert a production disk from MBR to GPT without data loss, greatly speeding in-place upgrades to Windows 10.

* WinPE Pre-staging – Microsoft recently introduced the capability to pre-stage a WinPE boot image to a partition from within an SCCM Task Sequence and have that image persist during the conversion from MBR to GPT. Secure 10 supports this capability for refresh/replace scenarios.

https://www.adaptiva.com/blog/2017/adaptiva-releases-bios-uefi-solution-update-speed-windows-10-migrations/

Standard
Uncategorized

Hardware is the new software

https://twitter.com/binitamshah/status/875375226690863105

Hardware is the new software
Andrew Baumann, Microsoft Research

Moore’s Law may be slowing, but, perhaps as a result, other measures of processor complexity are only accelerating. In recent years, Intel’s architects have turned to an alphabet soup of instruction set extensions such as MPX, SGX, MPK, and CET as a way to sell CPUs through new security features. Unlike prior extensions, which mostly focused on accelerating user-mode data processing, these new features exhibit complex interactions and give system designers plenty to think about. This calls for a rethink of how we approach the instruction set. In this paper we highlight some of the challenges arising from recent security-focused extensions, and speculate about the longer-term implications.

 

https://www.microsoft.com/en-us/research/wp-content/uploads/2017/05/baumann-hotos17.pdf

Standard
Uncategorized

Mike on Windows Config Mgr and Secure Boot

Mike Terrill has 2 blog posts on Windows Configuration Manager and UEFI Secure Boot:

BIOS and Secure Boot State Detection during a Task Sequence
With all of the security issues and malware lately, BIOS to UEFI for Windows 10 deployments is becoming a pretty hot topic (unless you have been living under a rock, UEFI is required for a lot of the advanced security functions in Windows 10). In addition, with the Windows 10 Creators Update, Microsoft has introduced a new utility called MBR2GPT that makes the move to UEFI a non-destructive process. If you have already started deploying Windows 10 UEFI devices, it can be tricky to determine what state these devices are in during a running Task Sequence. The Configuration Manager Team introduced a new class called SMS_Firmware and inventory property called UEFI that helps determine which computers are running in UEFI in Current Branch 1702. This can be used to build queries for targeting and reports, but it would be nice to handle this plus Secure Boot state (and CSM) during a running Task Sequence. We do have the Task Sequence variable called _SMSTSBootUEFI that we will use, but we need to determine the exact configuration in order to execute the correct steps.[…]

https://miketerrill.net/2017/05/13/bios-and-secure-boot-state-detection-during-a-task-sequence/

https://miketerrill.net/2017/05/30/bios-and-secure-boot-state-detection-during-a-task-sequence-part-2/

 

Standard
Uncategorized

Microsoft on malware use of Intel AMT

If you thought the recent Intel AMT security issues was just theoretical, here’s an example of malware using AMT.

https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/?platform=hootsuite

Standard
Uncategorized

Microsoft WinHEC Taipei 2017

Welcome to WinHEC June 2017 Registration
The Windows Hardware Engineering Community (WinHEC) is where technical experts from around the world, and Microsoft, come together to make Windows great for every customer. Our next WinHEC event is June 14th and 15th in Taipei, Taiwan. The workshop will feature sessions and a lab for developers, product managers and planners to help prepare for Windows 10 S and to showcase the benefits of adopting key hardware features. Presentations will include: Introduction to Universal Drivers, Universal Developer Center for Hardware and Driver Servicing, Driver Flighting end-to-end, Windows Ink, Windows 10 Mixed Reality, Designing and Optimizing for Long Battery Life and Responsive Windows Devices, Windows Hello, and Developer Platform Updates. We will also have a guided, hands-on lab to explore and practice the concepts covered in the Introduction to Universal Driver session.

https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x19594336ecd

 

Standard
Uncategorized

Microsoft Surface devices and Intel AMT

During the initial Intel AMT bug report, Xeno of Apple tweeted that Apple didn’t use AMT.

Recently, Microsoft has also stated that the Surface devices don’t use AMT:

https://blogs.technet.microsoft.com/surface/2017/06/01/intel-amt-vulnerability-and-surface-devices/

https://www.thurrott.com/mobile/microsoft-surface/117346/surface-devices-not-vulnerable-intel-amt-exploit

 

Standard