diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md index 1bc4e0ffb8..d65d59a04d 100644 --- a/windows/deployment/update/waas-delivery-optimization-reference.md +++ b/windows/deployment/update/waas-delivery-optimization-reference.md @@ -247,9 +247,9 @@ This policy allows you to specify how your client(s) can discover Delivery Optim - 1 = DHCP Option 235. - 2 = DHCP Option 235 Force. -with either option, the client will query DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if set. +With either option, the client will query DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if set. -Set this policy to designate one or more Delivery Optimization in Network Cache servers through a custom DHCP Option. You can add one or more value either fully qualified domain names (FQDN) or IP addresses. To add multiple values, separate each FQDN or IP address by commas. +Set this policy to designate one or more Delivery Optimization in Network Cache servers through a custom DHCP Option. Specify the custom DHCP option on your server as *text* type. You can add one or more values as either fully qualified domain names (FQDN) or IP addresses. To add multiple values, separate each FQDN or IP address with commas. > [!NOTE] > If you format the DHCP Option ID incorrectly, the client will fall back to the Cache Server Hostname policy value if that value has been set. diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index c2913b23a2..1d2ce21e5e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -65,6 +65,7 @@ ##### [Remediate vulnerabilities](microsoft-defender-atp/tvm-remediation.md) ##### [Exceptions for security recommendations](microsoft-defender-atp/tvm-exception.md) ##### [Plan for end-of-support software](microsoft-defender-atp/tvm-end-of-support-software.md) +##### [Mitigate zero-day vulnerabilities](microsoft-defender-atp/tvm-zero-day-vulnerabilities.md) #### [Understand vulnerabilities on your devices]() ##### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md) ##### [Vulnerabilities in my organization](microsoft-defender-atp/tvm-weaknesses.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index 7687279880..a6b6b5a359 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb audience: ITPro -ms.date: 08/25/2020 +ms.date: 11/05/2020 ms.reviewer: v-maave manager: dansimp ms.custom: asr @@ -42,7 +42,7 @@ Apps can also be manually added to the trusted list via Configuration Manager an Controlled folder access is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware). In a ransomware attack, your files can get encrypted and held hostage. With controlled folder access in place, a notification appears on the computer where an app attempted to make changes to a file in a protected folder. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. -The protected folders include common system folders, and you can [add additional folders](customize-controlled-folders.md#protect-additional-folders). You can also [allow apps](customize-controlled-folders.md#allow-specific-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders. +The protected folders include common system folders (including boot sectors), and you can [add additional folders](customize-controlled-folders.md#protect-additional-folders). You can also [allow apps](customize-controlled-folders.md#allow-specific-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders. You can use [audit mode](audit-windows-defender.md) to evaluate how controlled folder access would impact your organization if it were enabled. You can also visit the Windows Defender Test ground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-dashboard.png new file mode 100644 index 0000000000..1957e7f571 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-dashboard.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-patch.jpg b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-patch.jpg new file mode 100644 index 0000000000..e0fa906808 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-patch.jpg differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-security-recommendation.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-security-recommendation.png new file mode 100644 index 0000000000..a1f9e7d70a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-security-recommendation.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-flyout-400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-flyout-400.png new file mode 100644 index 0000000000..04b9835601 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-flyout-400.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-flyout.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-flyout.png new file mode 100644 index 0000000000..941dd99ba8 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-flyout.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-inventory.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-inventory.png new file mode 100644 index 0000000000..b4b4696b61 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-inventory.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-page.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-page.png new file mode 100644 index 0000000000..b3fd3b18a8 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-page.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-vulnerable-software.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-vulnerable-software.png new file mode 100644 index 0000000000..094e2a7992 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-vulnerable-software.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-weakness-name.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-weakness-name.png new file mode 100644 index 0000000000..ac2610fdaa Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-weakness-name.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md new file mode 100644 index 0000000000..d35a04e615 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md @@ -0,0 +1,103 @@ +--- +title: Mitigate zero-day vulnerabilities - threat and vulnerability management +description: Learn how to find and mitigate zero-day vulnerabilities in your environment. +keywords: mdatp tvm zero day vulnerabilities, tvm, threat & vulnerability management, zero day, 0-day, mitigate 0 day vulnerabilities, vulnerable CVE +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: ellevin +author: levinec +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint +ms.topic: article +--- + +# Mitigate zero-day vulnerabilities - threat and vulnerability management + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) + +A zero-day vulnerability is a publicly disclosed vulnerability for which no official patches or security updates have been released. Zero-day vulnerabilities often have high severity levels and are actively exploited. + +Threat and vulnerability management will only display zero-day vulnerabilities it has information about. + +## Find information about zero-day vulnerabilities + +Once a zero-day vulnerability has been found, information about it will be conveyed through the following experiences in the Microsoft Defender Security Center. + +### Threat and vulnerability management dashboard + +Look for recommendations with a zero-day tag in the “Top security recommendations” card. + +![Top recommendations with a zero-day tag.](images/tvm-zero-day-dashboard.png) + +Find top software with the zero-day tag in the "Top vulnerable software" card. + +![Top vulnerable software with a zero-day tag.](images/tvm-zero-day-top-vulnerable-software.png) + +### Weaknesses page + +Look for the named zero-day vulnerability along with a description and details. + +- If this vulnerability has a CVE-ID assigned, you’ll see the zero-day label next to the CVE name. + +- If this vulnerability has no CVE-ID assigned, you will find it under an internal, temporary name that looks like “TVM-XXXX-XXXX”. The name will be updated once an official CVE-ID has been assigned, but the previous internal name will still be searchable and found in the side-panel. + +![Zero day example for CVE-2020-17087 in weaknesses page.](images/tvm-zero-day-weakness-name.png) + +### Software inventory page + +Look for software with the zero-day tag. Filter by the "zero day" tag to only see software with zero-day vulnerabilities. + +![Zero day example of Windows Server 2016 in the software inventory page.](images/tvm-zero-day-software-inventory.png) + +### Software page + +Look for a zero-day tag for each software that has been affected by the zero–day vulnerability. + +![Zero day example for Windows Server 2016 software page.](images/tvm-zero-day-software-page.png) + +### Security recommendations page + +View clear suggestions regarding remediation and mitigation options, including workarounds if they exist. Filter by the "zero day" tag to only see security recommendations addressing zero-day vulnerabilities. + +If there is software with a zero-day vulnerability and additional vulnerabilities to address, you will get one recommendation regarding all vulnerabilities. + +![Zero day example of Windows Server 2016 in the security recommendations page.](images/tvm-zero-day-security-recommendation.png) + +## Addressing zero-day vulnerabilities + +Go to the security recommendation page and select a recommendation with a zero-day. A flyout will open with information about the zero-day and other vulnerabilities for that software. + +There will be a link to mitigation options and workarounds if they are available. Workarounds may help reduce the risk posed by this zero-day vulnerability until a patch or security update can be deployed. + +Open remediation options and choose the attention type. An "attention required" remediation option is recommended for the zero-day vulnerabilities, since an update hasn't been released yet. If there are older vulnerabilities for this software you wish to remediation, you can override the "attention required" remediation option and choose “update.” + +![Zero day flyout example of Windows Server 2016 in the security recommendations page.](images/tvm-zero-day-software-flyout-400.png) + +## Patching zero-day vulnerabilities + +When a patch is released for the zero-day, the recommendation will be changed to “Update” and a blue label next to it that says “New security update for zero day.” It will no longer consider as a zero-day, the zero-day tag will be removed from all pages. + +![Recommendation for "Update Microsoft Windows 10" with new patch label.](images/tvm-zero-day-patch.jpg) + +## Related topics + +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) +- [Dashboard](tvm-dashboard-insights.md) +- [Security recommendations](tvm-security-recommendation.md) +- [Software inventory](tvm-software-inventory.md) +- [Vulnerabilities in my organization](tvm-weaknesses.md)