diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index e9cda8004c..e1bdd172ec 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,9 +50,9 @@ sections: text: " + - diff --git a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md index f6f11da946..fac075a33c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md 
@@ -52,6 +52,19 @@ The goal is to remediate the issues in the security recommendations list to impr See how you can [improve your security configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios#improve-your-security-configuration), for details. +>[!IMPORTANT] +>To boost your vulnerability assessment detection rates, you can download the following set of optional security updates and deploy them in your network: +>- 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941) +>- RS5 customers | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077) +>- RS4 customers | [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045) +>- RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071) +> +>To download the security updates: +>1. Go to [Microsoft Update Catalog](http://www.catalog.update.microsoft.com/home.aspx). +>2. Key-in the security update KB number that you need to download, then click **Search**. +> +>Downloading the above-mentioned security updates will be mandatory starting Patch Tuesday, October 8, 2019. + ## Related topics - [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) - [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md index cc13be6a2b..3a670e00a5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md 
@@ -1,7 +1,7 @@ --- -title: Next-generation Threat & Vulnerability Management +title: Threat & Vulnerability Management description: This new capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. -keywords: threat and vulnerability management, MDATP-TVM, vulnerability management, threat and vulnerability scanning +keywords: threat & vulnerability management, threat and vulnerability management, MDATP TVM, MDATP-TVM, vulnerability management, vulnerability assessment, threat and vulnerability scanning, secure configuration asessment, windows defender atp, microsoft defender atp, endpoint vulnerabilities search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index 0d04d8f3fb..a3780835a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -54,7 +54,7 @@ The following features are included in the preview release: - [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac)
Microsoft Defender ATP for Mac brings the next-generation protection, and endpoint detection and response coverage to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices. -- [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. +- [Threat & Vulnerability Management Report inaccuracy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation#report-inaccuracy)
You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated [security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation#report-inaccuracy), [software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory#report-inaccuracy), and [discovered vulnerabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses#report-inaccuracy). - [Machine health and compliance report](machine-reports.md) The machine health and compliance report provides high-level information about the devices in your organization. diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index fb697ba2a7..d63d1f4ea5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md 
@@ -30,12 +30,19 @@ Ensure that your machines: >Threat & Vulnerability Management can also scan machines that run on Windows 7 and Windows Server 2019 operating systems and detects vulnerabilities addressed in patch Tuesday. - Have the following mandatory updates installed: -- (1) RS3 customers | [KB4493441](https://support.microsoft.com/en-us/help/4493441/windows-10-update-kb4493441) -- (2) RS4 customers | [KB4493464](https://support.microsoft.com/en-us/help/4493464) +- (1) RS3 customers | [KB4493441](https://support.microsoft.com/help/4493441/windows-10-update-kb4493441) +- (2) RS4 customers | [KB4493464](https://support.microsoft.com/help/4493464) - Are onboarded to Microsoft Intune and System Center Configuration Manager (SCCM). If you are use SCCM, update your console to the latest May version 1905 - Have at least one security recommendation that can be viewed in the machine page - Are tagged or marked as co-managed +>[!IMPORTANT] +>To boost your vulnerability assessment detection rates, you can download the following set of optional security updates and deploy them in your network: +>- 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941) +>- RS5 customers | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077) +>- RS4 customers | [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045) +>- RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071) +>

Downloading and deploying the above-mentioned security updates will be mandatory starting Patch Tuesday, October 8, 2019. ## Reduce your threat and vulnerability exposure Threat & Vulnerability Management introduces a new exposure score metric, which visually represents how exposed your machines are to imminent threats. diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index ab8bccc02c..bb9f499cd3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -23,7 +23,15 @@ ms.date: 04/11/2019 Threat & Vulnerability Management leverages the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities. -The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization, their severity, Common Vulnerability Scoring System (CVSS) rating, its prevalence in your organization, corresponding breach, and threat insights. +The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization, their severity, Common Vulnerability Scoring System (CVSS) rating, its prevalence in your organization, corresponding breach, and threat insights. + +>[!IMPORTANT] +>To boost your vulnerability assessment detection rates, you can download the following set of optional security updates and deploy them in your network: +>- 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941) +>- RS5 customers | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077) +>- RS4 customers | [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045) +>- RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071) +>

Downloading the above-mentioned security updates will be mandatory starting Patch Tuesday, October 8, 2019. ## Navigate through your organization's weaknesses page You can see the list of vulnerabilities in four ways:
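Review bot: In the configuration-score.md hunk, step 1 of "To download the security updates" links the Microsoft Update Catalog over plain HTTP ("http://www.catalog.update.microsoft.com/home.aspx"); a page that tells administrators where to fetch security updates should use the https:// form of that link. The same block calls the updates "optional" in its first sentence and "mandatory starting Patch Tuesday, October 8, 2019" in its last, so say explicitly that they are optional only until that date. "Key-in" in step 2 would read better as "Enter".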
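Review bot: The new keywords line in next-gen-threat-and-vuln-mgt.md misspells "assessment" as "asessment" in "secure configuration asessment", so that keyword will not match a search for the correct spelling. The title drops "Next-generation", but the description on the following unchanged line still reads "This new capability uses a game-changing risk-based approach"; consider aligning the description with the plainer title in the same change.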
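Review bot: The preview.md hunk replaces the "Threat & Vulnerability Management" entry instead of adding the report-inaccuracy entry beside it, so the preview list no longer links to next-gen-threat-and-vuln-mgt.md; please confirm the removal is intended and mention it in the commit description. The new entry also uses absolute docs.microsoft.com URLs where the neighbouring entry uses a relative link (machine-reports.md), and its heading link and the "security recommendation" link point to the same #report-inaccuracy anchor, so one of them is redundant.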
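Review bot: The IMPORTANT block added in threat-and-vuln-mgt-scenarios.md is one of three copies of the same KB list in this patch (also in configuration-score.md and tvm-weaknesses.md), and the copies already differ: this one says "Downloading and deploying the above-mentioned security updates will be mandatory" and omits the Update Catalog download steps. Put the block in a single shared include so the KB numbers and the October 8, 2019 date cannot drift between pages. It also sits directly under the "Have the following mandatory updates installed" list, which names different KBs for RS3 and RS4 (KB4493441, KB4493464); state whether the new KBs supersede those or are required in addition.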
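Review bot: In the tvm-weaknesses.md hunk, the replaced sentence "The **Weaknesses** page lists down the vulnerabilities found in the infected software" appears textually identical on the removed and added lines, so the change looks like whitespace only and the wording problems remain. Since the line is being touched, drop "infected" (vulnerable software is not necessarily compromised) and change "lists down" to "lists". The closing "Downloading the above-mentioned security updates will be mandatory" sentence has the same optional-versus-mandatory ambiguity as in the other two copies of this block.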

Message | Date
Advisory: Scripting Engine Memory Corruption Vulnerability (CVE-2019-1367)
On September 23, 2019, Microsoft released a security update to address a remote code execution vulnerability in the way the scripting engine handles objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could gain the same user permissions as the current user. For example, if a user is logged on with administrative rights, an attacker could take control of an affected system and install programs; view, change, or delete data; or create new accounts with full user rights. Alternatively, an attacker could host a specially crafted website targeting Internet Explorer and then entice a user to open web page or a malicious document attached to an e-mail. For more information about the vulnerability, see the Microsoft Security Guide CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability. 
 
Mitigation for this vulnerability is available from the Microsoft Security Update Guide. Additionally, on September 24, 2019, mitigation for this vulnerability will be available via Windows Update (WU) and Windows Server Update Services (WSUS) as part of the 9C optional update for all supported versions of Windows, with the exception of Windows 10, version 1903. For devices running Windows 10, version 1903, mitigation for this vulnerability will be available via Windows Update and WSUS as part of the optional 9D update (targeted for September 26, 2019.) You can get the update in Windows via Settings > Windows Update > Check for Updates. (Note: Because this update requires a reboot, we are making it optional to give customers and administrators a choice to install/deploy the update now.)

For the best protection, we recommend you apply the latest Windows updates and follow security best practices and do not open attachments or documents from an untrusted source. For more information about the vulnerability, see the Microsoft Security Guide: CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability
September 24, 2019
11:00 AM PT
Status update: September 2019 Windows "C" optional release available
The September 2019 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
September 24, 2019
08:10 AM PT
Plan for change: Windows Media Center Electronic Program Guide retiring in January 2020
Starting in January 2020, Microsoft is retiring its Electronic Program Guide (EPG) service for all versions of Windows Media Center. To continue receiving TV Program Guide information on your Windows Media Center, you’ll need to configure an alternate TV listing provider.
September 24, 2019
08:00 AM PT
Advisory: Scripting Engine Memory Corruption Vulnerability (CVE-2019-1367)
On September 23, 2019, Microsoft released a security update to address a remote code execution vulnerability in the way the scripting engine handles objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could gain the same user permissions as the current user. For example, if a user is logged on with administrative rights, an attacker could take control of an affected system and install programs; view, change, or delete data; or create new accounts with full user rights. Alternatively, an attacker could host a specially crafted website targeting Internet Explorer and then entice a user to open web page or a malicious document attached to an e-mail. For more information about the vulnerability, see the Microsoft Security Guide CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability
 
Mitigation for this vulnerability is available from the Microsoft Security Update Guide. For the best protection, we recommend you apply the latest Windows updates and follow security best practices and do not open attachments or documents from an untrusted source. For more information about the vulnerability, see the Microsoft Security Guide: CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability
September 22, 2019
11:00 AM PT
Status of September 2019 “C” release
The optional monthly “C” release for September 2019 for all supported versions of Windows and Windows Server prior to Windows 10, version 1903 and Windows Server, version 1903 will be available in the near term. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
September 19, 2019
04:11 PM PT
Plan for change: End of service reminders for Windows 10, versions 1703 and 1803
The Enterprise and Education editions of Windows 10, version 1703 (the Creators Update) will reach end of service on October 8, 2019. The Home, Pro, Pro for Workstations, and IoT Core editions of Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019. We recommend that you update devices running these versions and editions to the latest version of Windows 10—Windows 10, version 1903—as soon as possible to help keep them protected and your environments secure.
September 13, 2019
03:23 PM PT
September 2019 security update available for all supported versions of Windows
The September 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. We recommend that you install these updates promptly. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
September 10, 2019
09:34 AM PT
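Review bot: In the CVE-2019-1367 advisory entry dated September 24, 2019 in windows-message-center.yml, the pointer "For more information about the vulnerability, see the Microsoft Security Guide" appears twice, at the end of the first paragraph and again at the end of the last; keep one. The added paragraph says mitigation "will be available" on September 24, 2019 although the entry itself carries that date, so use present tense or state the time. The same paragraph explains that the update is optional because it requires a reboot, while the next paragraph recommends applying the latest updates; a reader deciding whether to deploy would benefit from one explicit recommendation. Minor: "entice a user to open web page" is missing "a", and the period in "(targeted for September 26, 2019.)" belongs outside the parenthesis.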