Skip to main content

Trustworthy Computing

Microsoft Security Newsletter

Stay up to date with security insights, resources, best practices, and events for IT professionals and developers. Browse past newsletters or subscribe to get the latest news delivered to your inbox.



October's Security Newsletter has arrived!

The theme of this month’s newsletter is client security and Windows 10. I have been talking to customers a lot about cloud services and the relative security of these services versus that of on-premises IT.

In these conversations, typically the first thing that customers want to discuss with me is the security of Microsoft’s datacenters. I find this interesting because the vast majority of threats come from the clients that are used to access cloud services and on-premises IT applications, not from the datacenter. This is what I call the “forgotten part of the cloud” and is something I wrote about over 3 years ago: The Forgotten Part of Cloud Security – the Clients.

Client-side security is as important as it ever has been, even for organizations that use cloud services. This is one aspect of operations that customers can’t delegate to their cloud service provider. That said, Microsoft is the one vendor in the world that provides end-to-end support from the client to the cloud; we are helping our customers with client-side security with all the security capabilities we have built into Windows and will continue to evolve in the future. It’s also why there are so many awesome security products and capabilities built into the Enterprise Mobility Suite (EMS) including cloud-based products like Azure Active Directory, products for securing and managing clients like In-Tune, and on-premises security products like Advanced Threat Analytics. If you haven’t already, check out EMS – the fasting selling enterprise product in Microsoft’s history!

As far as Windows operating system releases go, Windows 10 really is a huge step forward for client security. There is a very impressive list of new and improved security features and functionality in Windows 10. Windows 10 has been designed to help secure devices and identities, offer improved threat resistance and information protection. Some of the new and enhanced protections built into Windows 10 include Windows Hello, Microsoft Passport, Enterprise Data Protection, BitLocker, Credential Guard, Device Guard, and Windows Defender to name just a few. Enterprise customers can evaluate these Windows 10 security features by downloading the Windows 10 Enterprise Evaluation and trying Windows 10 Enterprise free for 90 days.

Please enjoy this month’s newsletter.

Tim Rains Best regards,
Tim Rains, Chief Security Advisor
Cybersecurity & Cloud Strategy, Microsoft

Want to share this newsletter with a friend or colleague? Click here for the online edition and subscription options.
Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.comand share your ideas.

Top Stories
Cloud Security Controls Series: Managing “Shadow IT”
While some companies are adamant that no one within their organization is currently using the cloud, others speculate that some groups are undoubtedly using cloud apps unbeknownst to their IT department and without explicit organizational approval to do so. Learn how to gather data to help you gain insight into the “shadow IT” solutions that might be in use within your organization.

Cloud Security Controls Series: Penetration Testing, Red Teaming, & Forensics
Learn about Microsoft’s own penetration tests, whether you can do penetration testing on Microsoft cloud services, and how the cloud impacts customers’ ability to perform forensic investigations on systems they have in the cloud.

Cloud Security Controls Series: OneDrive for Business
Find out about the security controls built into OneDrive for Business that will help them manage the security of the data they store there.

What’s New with Microsoft Threat Modeling Tool 2016
Available as a free download from the Microsoft Download Center, the Microsoft Threat Modeling Tool is a free tool to help you find threats in the design phase of software projects. Explore the improvements in the latest release, which simplifies working with threats and provides a new editor for defining your own threats.

Microsoft Bounty Programs Expansion - .NET Core and ASP.NET Beta Bounty
.NET and ASP.NET represent critical building blocks in the Visual Studio Development Suite. Learn about this latest expansion of the Microsoft Bounty Program.

Security Guidance

Security Tip of the Month: Get up to speed with the best from Microsoft Ignite 2015
Looking for in-depth walkthroughs of Windows 10 security technologies? Didn’t have a chance to attend this year’s Ignite conference? Start with these on-demand sessions:

Inside Identity and Deployment for Windows 10
A New Era of Threat Resistance for the Windows 10 Platform
Windows 10: Security Internal
Black Belt Security with Windows 10
Pass the Hash and Windows 10 Security
Windows 10 for Mobile Devices: Secure by Design
Secure Authentication with Windows Hello
Dropping the Hammer Down on Malware Threats with Windows 10’s Device Guard

Windows 10 security overview
Get a detailed description of the most important security improvements in the Windows 10 operating system and how they can help you protect your organization.

Keep Windows 10 secure
Ready to delve deeper into Windows 10 security? Check out these resources:

Credential Guard overview
Device Guard deployment guide and Device Guard certification and compliance
Manage identity verification using Microsoft Passport and Microsoft Passport guide
Security auditing
Trusted Platform Module
User Account Control
VPN profile options

This Month's Security Bulletins

October 2015 Security Bulletins


MS15-106:3096441 Cumulative Security Update for Internet Explorer
MS15-108:3089659 Security Update for JScript and VBScript to Address Remote Code Execution
MS15-109:3096443 Security Update for Windows Shell to Address Remote Code Execution


MS15-107:3096448 Cumulative Security Update for Microsoft Edge
MS15-110:3096440 Security Updates for Microsoft Office to Address Remote Code Execution
MS15-111:3096447 Security Update for Windows Kernel to Address Elevation of Privilege

October 2015 Security Bulletin Resources:

October 2015 Security Update Release Summary
Malicious Software Removal Tool: October 2015 Update and blog summary

Security Events and Training
Microsoft Virtual Academy: Getting Started with Windows 10 for IT Professionals
Walk through what's new in Windows 10 deployment and management, with a team of experts. Look at runtime provisioning, mobile device management (MDM), secure authentication, and much more. Plus, find out what Windows as a Service means for you and your organization.

Microsoft Virtual Academy: Security in the Enterprise
Walk with experts through social media platforms to discover how they really work. Get tips and practical advice on social networking security. Plus, explore methods of developing a secure baseline and how to harden your Windows Enterprise architectures and applications from pass-the-hash and other advanced attacks, and look at system patching. Finally, learn how to help improve your organization's security with Microsoft operating systems and tools.

Azure AD Join in Windows 10
Learn how Azure Active Directory (Azure AD) Join can enable your mobile workforce.

Endpoint Zone Episode 10: Windows 10
Explore Windows 10 security features, the upgrade process, how to prepare for Windows as a Service, and more.


Essential Tools

Microsoft Security Bulletins
Microsoft Security Advisories
Microsoft Security Development Lifecycle Starter Kit
Enhanced Mitigation Experience Toolkit
Malicious Software Removal Tool
Microsoft Baseline Security Analyzer

Security Centers

Security TechCenter
Security Developer Center
Microsoft Security Response Center
Microsoft Malware Protection Center
Microsoft Privacy
Microsoft Security Product Solution Centers

Additional Resources

Microsoft Cybertrust Blog
Microsoft Azure Security Blog
Microsoft Security Intelligence Report
Microsoft Security Development Lifecycle
Malware Response Guide
Security Troubleshooting and Support Resources Computing 
 This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2014 Microsoft Corporation Terms of Use | Trademarks

Microsoft respects your privacy. To learn more please read our online Privacy Statement.