Microsoft.com Operations Team Blog

As the proliferation of devices continues to capture the imagination of consumers, and has ignited what is referred to as bring your own device (BYOD) revolution, many IT departments across the globe are now facing increased security considerations. While organizations encourage BYOD for cost savings and productivity, it is also important to have robust security policies supporting BYOD.

In my travels abroad over the years, I have had the great opportunity to meet with many enterprise customers to discuss the evolving threat landscape.  In addition to helping inform customers, these meetings have provided me with an opportunity to learn more about how customers are managing risk within their environments.   Many of these customers are interested in learning about the top threats found in enterprise environments.  Visibility into what threats are most common in enterprise environments helps organizations assess their current security posture and better prioritize their security investments.  Given the high level of interest in this information, I thought it would be helpful to take a close look at the top 10 threats facing enterprise customers based on new intelligence from the latest Microsoft Security Intelligence Report (SIRv15). 

The recently published Microsoft Security Intelligence Report (SIRv15) contains a section on ransomware. Ransomware is a type of malware that is designed to render a computer or its files unusable until the computer user pays the demanded amount of money to the attacker. It often masquerades as an official-looking warning from a well-known law enforcement agency, such as the US Federal Bureau of Investigation (FBI) or the Metropolitan Police Service of London. Some examples are provided in Figure 1.

Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page.  The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest.

One of the tools I get asked most about when I’m with customers is the Enhanced Mitigations Experience Toolkit (EMET). EMET is a free mitigation tool designed to help IT Professionals and developers prevent vulnerabilities in software from being successfully exploited. The tool works by protecting applications via the latest security mitigation technologies built into Windows, even in cases where the developer of the application didn’t opt to do this themselves. By doing so, it enables a wide variety of software to be made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied.