SCCM 1706 (CB) et 1707 (TP) sont disponibles…


News from Yvette:

Now Available: Update 1706 for System Center Configuration Manager

Happy Friday! We are delighted to announce that we have released version 1706 for the Current Branch (CB) of System Center Configuration Manager that includes new features and product enhancements!

Many of these enhancements are designed for organizations that are going through the digital transformation and want to modernize their IT infrastructure, policies, and processes. With each release of Configuration Manager, we are focusing on the following themes:

  1. Configuration Manager makes it easier to adopt and deploy Windows 10 and Office 365.
  2. Configuration Manager enables the management of Windows 10 security settings to protect users and company data.
  3. Configuration Manager helps customers build the bridge to modern management of Windows to simplify management.
  4. Configuration Manager infrastructure is streamlined for simpler and easier use, reducing your total cost of ownership.
  5. Microsoft continues to provide iterative value to customers using Configuration Manager connected with Microsoft Intune.
  6. Microsoft is committed to delighting our customers by continuing to invest and iterate on Configuration Manager based on customer feedback.

We are continuing to see strong adoption by our customers. As of today, we have more than 40,000 organizations managing more than 84 million devices using the Current Branch of Configuration Manager. And thanks to our active Technical Preview Branch community, the 1706 update includes feedback and usage data we have gathered from customers who have installed and road tested our monthly technical previews over the last few months. As always, 1706 has also been tested at scale – by real customers, in real production environments.

Here are just few of the enhancements that are available in this update:

Windows 10 and Office 365

  • Manage Microsoft Surface driver updates – You can now use Configuration Manager to manage Microsoft Surface driver updates.
  • Windows Analytics Commercial ID and Windows telemetry levels – You can now specify the Windows Analytics Commercial ID and configure telemetry, commercial data, and Internet Explorer data collection settings in Client Settings for use with Upgrade Readiness.
  • Improved user experience for Office 365 updates – Improvements have been made to leverage the Office Click-to-Run user experience when a client installs an Office 365 update. This includes pop-up and in-app notifications, and a countdown experience.

Windows 10 Security

  • SecureBoot and TPM inventory data – Hardware inventory can now determine whether the device has SecureBoot enabled and various properties of the TPM (enabled by default).
  • Windows Defender Device Guard – You can now include trust for specific files and folder paths in Device Guard policies.

Modern Management

  • Azure AD-enabled Cloud Management – You can now onboard the site to Azure AD via Cloud Services. Additionally, you can install the client on the Internet.
  • Windows Update for Business enhancements – There is a new dedicated experience to configure and deploy deferral settings for easy discoverability.

Streamlined Infrastructure

  • Cloud services consolidation – There is now common experience for OMS Connector, Upgrade Readiness, Windows Store for Business, and Cloud Management.
  • Reload boot images with latest WinPE version – During the “Update Distribution Points” wizard on a boot image, you can now reload the version of Windows PE in the selected boot image.
  • Boundary Group improvements – Boundary groups now support configuring the time for fallback for software update points.
  • Configuration Manager Update Reset Tool – We have added new tool to reset and restart in-console updates when they have problems downloading or replicating.
  • Accessibility – Screen reader improvements and improved keyboard navigation in and out of the ribbon in the Configuration Manager console.

Configuration Manager connected with Microsoft Intune

  • Entrust as certificate authority for PFX Certificates – Entrust can now be used as the certificate authority for PFX certificates.
  • Additional Android for Work features – You can now configure app configuration policies for Android for Work and support for available apps.
  • Additional Compliance Policy settings – We added additional compliance policy settings that were previously available only in Intune standalone.
  • Enrollment restriction conditions – Admin can now prevent enrollment for iOS or Android devices marked as personal.
  • Cisco IPSec VPN support for iOS – Cisco IPsec will be a new connection type option for VPN profiles for iOS.
  • Windows Edition Upgrade policy – This policy allows admins to set a policy to upgrade Windows 10 to Enterprise editions.
  • Additional MAM settings – We added new settings such as block screen capture (Android only), disable contact sync, and disable printing.
  • Windows configuration settings – We added new Windows configuration item settings that were previously only available in Intune standalone.

Customer Feedback

  • Create and run PowerShell scripts – You can now create and run scripts with parameters to devices and collections.
  • Task Sequence improvements – You can now easily toggle when the task sequence progress is or is not displayed to the end user, on a granular step-by-step basis. Additionally, groups in the task sequence editor can be collapsed or expanded.
  • Share an application from Software Center – You can copy a direct link to an application in Software Center using the new Share button in the Application Details view.

For more details and to view the full list of new features in this update check out our What’s new in version 1706 of System Center Configuration Manager documentation.

Note: As the update is rolled out globally in the coming weeks, it will be automatically downloaded, and you will be notified when it is ready to install from the “Updates and Servicing” node in your Configuration Manager console. If you can’t wait to try these new features, this PowerShell script can be used to ensure that you are in the first wave of customers getting the update. By running this script, you will see the update available in your console right away.

For assistance with the upgrade process please post your questions in the Site and Client Deployment forum. To provide feedback or report any issues with the functionality included in this release, please use Connect.If there’s a new feature or enhancement you want us to consider including in future updates, please use the Configuration Manager UserVoice site.

Thank you,

The System Center Configuration Manager team

Additional resources:

Afficher l’article…

…et ce n’est pas tout!

Update 1707 for Configuration Manager Technical Preview Branch – Available Now!

Hello everyone! We are happy to let you know that update 1707 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This month’s new preview features include:

  • Client Peer Cache support for express installation files for Windows 10 and Office 365 – Beginning with this release, Peer Cache supports distribution of content express installation files for Windows 10 and of update files for Office 365. No additional configuration or changes are required.
  • Create and run scripts with parameters – You can now create and run scripts with parameters to devices and collections.
  • Configure network definitions using Windows Defender Application Guard policies – You can now configure network definitions using Windows Defender Application Guard policies. These include domain names, IP ranges, cloud resources, and proxy servers.
  • Surface Device Dashboard – You can now use the Surface Device Dashboard to view information about the model and operating system version of your Surface devices.

Update 1707 for Technical Preview Branch is available in the Configuration Manager console. For new installations please use the 1703 baseline version of Configuration Manager Technical Preview Branch available on TechNet Evaluation Center.

We would love to hear your thoughts about the latest Technical Preview! To provide feedback or report any issues with the functionality included in this Technical Preview, please use Connect. If there’s a new feature or enhancement you want us to consider for future updates, please use the Configuration Manager UserVoice site.

Thanks,

The System Center Configuration Manager team

Configuration Manager Resources:

Documentation for System Center Configuration Manager Technical Previews

Try the System Center Configuration Manager Technical Preview Branch

Documentation for System Center Configuration Manager

System Center Configuration Manager Forums

System Center Configuration Manager Support

Download the Configuration Manager Support Center

Afficher l’article…

Publié dans Deployment, ENGLISH, System Center | Laisser un commentaire

July Updated ISOs are Availables!


Les ISOs de Windows 10 contenant les mises à jour de Juillet sont téléchargeables sur MSDN!

image

A vos téléchargements…

PierrE.

Publié dans Deployment, Security, Windows10, WSUS | Laisser un commentaire

[ENGLISH] Azure Stack is ready to order!!!


Throughout the Technical Previews, we’ve seen tremendous customer and partner excitement around Microsoft Azure Stack. In fact, we’re speaking with thousands of partners this week at our Microsoft Inspire event. Our partners are excited about the new business opportunities opened up by our ‘One Azure Ecosystem’ approach, which helps them extend their Azure investments to Azure Stack, to unlock new possibilities for hybrid cloud environments. In that vein, today we are announcing:

  • Orderable Azure Stack integrated systems: We have delivered Azure Stack software to our hardware partners, enabling us to begin the certification process for their integrated systems, with the first systems to begin shipping in September. You can now order integrated systems from Dell EMC, HPE, and Lenovo. 
  • Azure Stack software pricing and availability: We have released pricing for the pay-as-you-use and capacity-based models today, you can use that information to plan your purchases.
  • Azure Stack Development Kit (ASDK) availability: ASDK, the free single-server deployment option for trial purposes, is available for web download today. You can use it to build and validate your applications for integrated systems deployments.

Azure Stack promise

Azure Stack is an extension of Azure, thereby enabling a truly consistent hybrid cloud platform. Consistency removes hybrid cloud complexity, which helps you maximize your investments across cloud and on-premises environments. Consistency enables you to build and deploy applications using the exact same approach – same APIs, same DevOps tools, same portal – leading to increased developer productivity. Consistency enables you to develop cloud applications faster by building on Azure Marketplace application components. Consistency enables you to confidently invest in people and processes knowing that those are fully transferable. The ability to run consistent Azure services on-premises gets you full flexibility to decide where applications and workloads should reside. An integrated systems-based delivery model ensures that you can focus on what matters to your business (i.e., your applications), while also enabling us to deliver Azure innovation to you faster. 

In its initial release, Azure Stack includes a core set of Azure services, DevOps tooling, and Azure Marketplace content, all of which are delivered through an integrated systems approach. Check out this whitepaper for more information about what capabilities are available in Azure Stack at the initial release and what is planned for future versions.  

Hybrid use cases unlock application innovation

Azure and Azure Stack unlock new use cases for customer facing and internal line of business applications: 

  • Edge and disconnected solutions: You can address latency and connectivity requirements by processing data locally in Azure Stack and then aggregating in Azure for further analytics, with common application logic across both. We’re seeing lots of interest in this Edge scenario across different contexts, including factory floor, cruise ships, and mine shafts.
  • Cloud applications that meet varied regulations: You can develop and deploy applications in Azure, with full flexibility to deploy on-premises on Azure Stack to meet regulatory or policy requirements, with no code changes needed. Many customers are looking to deploy different instances of the same application – for example, a global audit or financial reporting app – to Azure or Azure Stack, based on business and technical requirements. While Azure meets most requirements, Azure Stack enables on-premises deployments in locations where it’s needed. Saxo Bank is a great example of an organization who plan to leverage the deployment flexibility enabled by Azure Stack.  
  • Cloud application model on-premises: You can use Azure web and mobile services, containers, serverless, and microservice architectures to update and extend existing applications or build new ones. You can use consistent DevOps processes across Azure in the cloud and Azure Stack on-premises. We’re seeing broad interest in application modernization, including for core mission-critical applications. Mitsui is a great example of an organization planning their application modernization roadmap using Azure Stack and Azure.

Ecosystem solutions across Azure and Azure Stack

You can speed up your Azure Stack initiatives by leveraging the rich Azure ecosystem:

  • Our goal is to ensure that most ISV applications and services that are certified for Azure will work on Azure Stack. Multiple ISVs, including Bitnami, Docker, Kemp Technologies, Pivotal Cloud Foundry, Red Hat Enterprise Linux, and SUSE Linux, are working to make their solutions available on Azure Stack.  
  • You have the option of having Azure Stack delivered and operated as a fully managed service. Multiple partners, including Avanade, Daisy, Evry, Rackspace, and Tieto, are working to deliver managed service offerings across Azure and Azure Stack. These partners have been delivering managed services for Azure via the Cloud Solution Provider (CSP) program and are now extending their offerings to include hybrid solutions. 
  • Systems Integrators (SI) can help you accelerate your application modernization initiatives by bringing in-depth Azure skillsets, domain and industry knowledge, and process expertise (e.g., DevOps). PriceWaterhouseCoopers (PwC) is a great example of an SI that’s expanding their consulting practice to Azure and Azure Stack.

Orderable integrated systems, free single-server kit for trial

Azure Stack has two deployment options:

  • Azure Stack integrated systems – These are multi-server systems meant for production use, and are designed to get you up and running quickly. Depending upon your hardware preferences, you can choose integrated systems from Dell EMC, HPE, and Lenovo (with Cisco and Huawei following later). You can now explore these certified hardware solutions and order integrated systems by contacting our hardware partners. These systems come ready to run and offer consistent, end-to-end customer support no matter who you call. They will initially be available in 46 countries covering key markets across the world.  
  • Azure Stack Development Kit (ASDK) – ASDK is a free single server deployment that’s designed for trial and proof of concept purposes. ASDK is available for web download today, and you can use it to prototype your applications. The portal, Azure services, DevOps tools, and Marketplace content are the same across this ASDK release and integrated systems, so applications built against the ASDK will work when deployed to a multi-server system.

Closing thoughts

As an extension of Azure, Azure Stack will deliver continuous innovation with frequent updates following the initial release. These updates will help us deliver enriched hybrid application use cases, as well as grow the infrastructure footprint of Azure Stack. We will also continue to broaden the Azure ecosystem to enable additional choice and flexibility for you. 

I look forward to hearing what everyone does with Azure Stack!

– Mike

Afficher l’article…

Publié dans Azure, AzureStack, business, Cloud, Deployment, ENGLISH, Hyper-V, Migration, SDK, Security, Storage | Laisser un commentaire

SCUP 2017 Preview !!!


News from Yvette, again, and again, and again!

E cette fois, pour ceux qui utilisent déjà SCUP voila une bonne nouvelle: Support de Windows 10 et Serveur 2016! et les mêmes habitudes/interfaces de gestion…

Today we are announcing availability of System Center Updates Publisher (SCUP) Preview. Many of you are using SCUP 2011 now to:

  • Import updates from external catalogs (non-Microsoft update catalogs).
  • Modify update definitions including applicability, and deployment metadata.
  • Export updates to external catalogs.
  • Publish updates to an update server.

This SCUP preview adds support for Windows 10 and Windows Server 2016. Users who are familiar with SCUP 2011 will be able to easily use the preview on Windows 10 and Windows Server 2016 systems as there are no major changes to the way the SCUP works.

Joining the preview

We are excited to have you join our preview! To get started:

  1. Download the SCUP Preview here.
  2. Run UpdatesPublisher.msi on a computer that meets the prerequisites.
  3. Configure the options for SCUP.
  4. Start using the features of SCUP.

For a walkthrough of these steps please read our System Center Updates Publisher documentation.

We would love to hear your feedback. If you have a feature request, share your ideas with us on the Configuration Manager UserVoice site. You can report issues with SCUP on Connect or reach out to us directly at Scupfeedback@microsoft.com.

Frequently Asked Questions

Q. Does this release include SCUP integration with the Configuration Manager Console?

A. This preview is to enable SCUP 2011 features on our newest OSes and is not directly related to work that is planned for Configuration Manager Console Integration. For the latest news about that, please see the UserVoice item here.

Q. Can I use this preview release with Windows 7 or WSUS 3.x?

A. Windows 7 and WSUS 3.x are not supported with this release. Please continue to use SCUP 2011.

Q. Does this preview release support upgrade from SCUP 2011?

A. For Windows 8.1 and Server 2012 R2 systems that have SCUP 2011 installed, installation of the preview will not uninstall or interfere with the existing SCUP 2011 installation. On these systems, you may continue to use SCUP 2011 or use the preview version, however the two installations will not share data.

Afficher l’article…

Publié dans 2016, Deployment, Security, System Center, Windows10, WSUS | Tagué , , , , | Laisser un commentaire

Nice gift :)


image

Image | Publié le par | Laisser un commentaire

Azure Made in France!!!! enfin!!!!


Bon, l’attente aura été longue mais Azure aura désormais 2 Datacenters en France!!! Nombre de mes clients n’attendent que ça pour commencer à pouvoir “jouer” avec le Cloud Public de Microsoft… Cela devient enfin possible, enfin, très bientôt!

image

PierrE (Azure in France)…

Publié dans Azure, AzureStack, business, Cloud | Laisser un commentaire

SCCM TP Update 1706 disponible


News from Yvette Smile

Hello everyone! We are happy to let you know that update 1706 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This month’s new preview features include:

Client
  • Include trust for specific file paths in Device Guard policies – Optionally, include trust for a specific local file or folder path on clients running a Device Guard policy. Any binaries at the locations specified in the policy can run on targeted clients when enforcement is enabled in the policy.
  • Register Windows 10 devices with Azure Active Directory – A new client setting (in Cloud Services group) is enabled by default to automatically register new Windows 10 domain joined devices with Azure AD.
Application Lifecycle and Content
  • Specify a different install content location and uninstall content location for a deployment type – You can now specify a different install content location and uninstall content location for a deployment type. Additionally, you can also leave the uninstall content location empty.
  • Improvements for Software Update Points in Boundary Groups – Boundary groups now support configuring the time for fallback for software update points.
Operating System Deployment
  • PXE network boot support for IPv6 – In an IPv6-only network, boot a device via PXE to start a task sequence OS deployment.
  • Hide task sequence progress – Easily toggle when the task sequence progress is or is not displayed to the end user, on a granular step-by-step basis.
Conditional Access
  • Device Health Attestation assessment for compliance policies for conditional access – Use Device Health Attestation status as a compliance policy rule for conditional access to company resources.
Software Updates
  • Manage Microsoft Surface driver updates – You can now use Configuration Manager to manage Microsoft Surface driver updates.
  • Windows Update for Business policy setting configuration – Use configuration items to configure deferral settings for Windows Update for Business.
Core Infrastructure
  • Site Server Role High Availability – You can now add a primary site server in ‘passive mode’ to your standalone site to increase availability.
  • Create and run scripts – Create and run scripts from Configuration Manager.
  • Upgrade Readiness added to Azure Services Wizard – You can now use Azure Services Wizard to connect ConfigMgr to Upgrade Readiness in Windows Analytics to synchronize data to assess device compatibility with Windows 10.
  • Accessibility improvements in the Configuration Manager console – This preview introduces several improvements to the accessibility features in the Configuration Manager console.

This release also includes the following improvement for customers using System Center Configuration Manager connected with Microsoft Intune to manage mobile devices:

  • Android and iOS Enrollment Restrictions – Admins can now specify that users cannot enroll personal Android or iOS devices in their hybrid environment, limiting enrollment to predeclared company-owned devices or DEP-enrolled devices only.
  • New options for compliance policies – You can now configure new options for compliance policies that were previously only available in Intune standalone.
  • New compliance policy actions – You can now configure actions for compliance policies. These actions include setting a grace period for devices that are noncompliant before they lose access to company resources, and creating emails to be sent to users with noncompliant devices.
  • New settings for Windows configuration items – You can now configure new Windows configuration item settings that were previously only available in Intune standalone.
  • Cisco (IPsec) support for iOS VPN Profiles – Admins can now use Cisco (IPsec) as a connection type for VPN profiles for iOS.
  • App Protection settings to block printing and contact sync – Additional settings have been added to block printing and contact sync on Intune-enlightened applications.
  • PFX certificate creation and distribution and S/MIME support – Admins can create and deploy PFX certificates to users utilizing an Entrust certification authority. These certificates can then be used for S/MIME encryption, decryption, and authentication by devices that the user has enrolled.

Update 1706 for Technical Preview Branch is available in the Configuration Manager console. For new installations please use the 1703 baseline version of Configuration Manager Technical Preview Branch available on TechNet Evaluation Center.

We would love to hear your thoughts about the latest Technical Preview! To provide feedback or report any issues with the functionality included in this Technical Preview, please use Connect. If theres a new feature or enhancement you want us to consider for future updates, please use the Configuration Manager UserVoice site.

Thanks,

The System Center Configuration Manager team

Configuration Manager Resources:

Documentation for System Center Configuration Manager Technical Previews

Try the System Center Configuration Manager Technical Preview Branch

Documentation for System Center Configuration Manager

System Center Configuration Manager Forums

System Center Configuration Manager Support

Download the Configuration Manager Support Center

Afficher l’article…

Publié dans Deployment, System Center, vNext | Tagué , , , , | Laisser un commentaire

Nouveaux téléchargements disponibles sur MSDN


Bon, en plus de la migration vers la nouvelle plateforme de téléchargement de vos ISO et avantages MSDN, voila les nouveautés disponibles pour le mois de juin :

image

Les ISOs de W10 avec les MAJ, histoire d’être sûr de déployer la version UP TO DATE en ces temps de Ransomware….même si W10 n’est pas si exposé!

Bon Téléchargements,

 

PierrE.

Publié dans Uncategorized | 2 commentaires

Désactiver SMBv1 et éviter les Ransomware !


Les dernières vagues de Ransomware exploitent une faille de sécurité connue et normalement “patchée” avec le MS17-010 en utilisant “Eternal Blue” ‘leaké’ par The Shadow Brokers plus tôt cette année… plus d’info ici: https://fr.wikipedia.org/wiki/WannaCry

Donc, en théorie, il suffit de maintenir ses systèmes à jour pour l’éviter!

Si vous souhaitez prendre les devants, vous pouvez également désactiver SMBv1 qui est à la base de la vulnérabilité…et qui présente en plus, des inconvénients au niveau des performances par rapport à SMBv2…

Pour cela, je vous conseille de suivre les indications d’ Aaron Margosis, de Microsoft données ici : https://blogs.technet.microsoft.com/secguide/2017/06/15/disabling-smbv1-through-group-policy/ . Il s’appuie sur les ADMX/ADML du Guide de Sécurisation de Windows (que tout admin digne de ce nom devrait lire régulièrement) disponible ici : https://blogs.technet.microsoft.com/secguide/2017/06/15/security-baseline-for-windows-10-creators-update-v1703-draft/.

Si vous avez SCCM, vous pouvez aussi utiliser les “Compliance Settings”. Pour le faire, voir l’article de Cameron COX (Microsoft PFE) sur les étapes nécessaires ici : https://blogs.technet.microsoft.com/systemcenterpfe/2017/05/22/disable-smbv1-in-your-environments-with-configuration-manager-compliance-settings/

Et voilà un trés bon article de Mattias Benninge , pour utiliser le filtrage sur vos serveurs de fichiers afin de déceler rapidement une infection en cours de propagation : https://deploymentresearch.com/Research/Post/634/Using-File-Screen-to-block-Ransomware-like-WannaCry-on-server-shares-Part-1

Alors n’attendez pas la catastrophe pour réagir, cette deuxième vague n’aurait jamais dû avoir les conséquences qu’elle a, sachant qu’elle exploite les même failles que celles de WannaCry… il faut apprendre ou mourir (oui, je suis formateur…) et cela paraît fou de voir que quelques semaines après une telle attaque, de grands groupes n’aient toujours pas mis en place les correctifs ou mesures nécessaires pour se protéger contre une menace connue, exploitée et déjà identifiée clairement il y a plus de 6 mois.

Bon Patchage à tous !

PierrE.

Publié dans business, Ransomeware, Security, System Center, WSUS | Tagué , , , , , , , , , , , | Laisser un commentaire

Alerte Sécurité ! Patchez vos systèmes… Petya et Petrwrap arrivent ! ! !


Seconde alerte Ransomware du trimestre… deuxième vague ! Du coup, Microsoft met à jour un bon nombre de KBs avant le Patch Tuesday…à vos consoles, prêts, patchez!

********************************************************************
Title: Microsoft Security Update Releases
Issued: June 27, 2017
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2017-0173  * CVE-2017-0299  * CVE-2017-8482  * CVE-2017-8522
* CVE-2017-0193  * CVE-2017-0300  * CVE-2017-8483  * CVE-2017-8523
* CVE-2017-0215  * CVE-2017-8460  * CVE-2017-8484  * CVE-2017-8524
* CVE-2017-0216  * CVE-2017-8462  * CVE-2017-8485  * CVE-2017-8527
* CVE-2017-0218  * CVE-2017-8464  * CVE-2017-8488  * CVE-2017-8528
* CVE-2017-0219  * CVE-2017-8465  * CVE-2017-8489  * CVE-2017-8529
* CVE-2017-0282  * CVE-2017-8466  * CVE-2017-8490  * CVE-2017-8530
* CVE-2017-0283  * CVE-2017-8468  * CVE-2017-8491  * CVE-2017-8531
* CVE-2017-0284  * CVE-2017-8469  * CVE-2017-8492  * CVE-2017-8532
* CVE-2017-0285  * CVE-2017-8470  * CVE-2017-8493  * CVE-2017-8533
* CVE-2017-0286  * CVE-2017-8471  * CVE-2017-8494  * CVE-2017-8534
* CVE-2017-0287  * CVE-2017-8472  * CVE-2017-8496  * CVE-2017-8543
* CVE-2017-0288  * CVE-2017-8473  * CVE-2017-8497  * CVE-2017-8544
* CVE-2017-0289  * CVE-2017-8474  * CVE-2017-8498  * CVE-2017-8547
* CVE-2017-0291  * CVE-2017-8475  * CVE-2017-8499  * CVE-2017-8548
* CVE-2017-0292  * CVE-2017-8476  * CVE-2017-8504  * CVE-2017-8549
* CVE-2017-0294  * CVE-2017-8477  * CVE-2017-8515  * CVE-2017-8553
* CVE-2017-0295  * CVE-2017-8478  * CVE-2017-8517  * CVE-2017-8554
* CVE-2017-0296  * CVE-2017-8479  * CVE-2017-8519  * CVE-2017-8555
* CVE-2017-0297  * CVE-2017-8480  * CVE-2017-8520  * CVE-2017-8575
* CVE-2017-0298  * CVE-2017-8481  * CVE-2017-8521  * CVE-2017-8576
* CVE-2017-8579
Revision Information:
=====================
– – https://portal.msrc.microsoft.com/en-us/security-guidance
– Version: 4.0
– Reason for Revision: Microsoft is announcing the release of the
following updates to address a known issue customers may experience
when printing from Internet Explorer or Microsoft Edge: 4032782 for
Internet Explorer 10 on Windows Server 2012, Internet Explorer 9 on
Windows Server 2012; 4032695 for Internet Explorer 11 and Microsoft
Edge on Windows 10; 4032693 for Internet Explorer 11 and Microsoft
Edge on Windows 10 1511; 4022723 for Internet Explorer 11 and Microsoft
Edge on Windows 10 1607; 4022716 for Internet Explorer 11 and Microsoft
Edge on Windows 10 1703; 4022720 which is the monthly rollup preview for
Windows 8.1 and Windows Server 2012 R2; 4022721 which is the monthly
rollup preview for Windows Server 2012; 4022168 which is the monthly
rollup preview for Windows 7 Service Pack 1 and Windows Server 2008 R2
Service Pack 1. ??This update removes the protection from CVE-2017-8529.
All updates are available only on the Microsoft Update Catalog, with
the exceptions of 4022720, 4022721, 4022168, and 4022716, which are
also available through Windows Update.
– Originally posted: June 27, 2017
– Aggregate CVE Severity Rating: Critical

 

Mais aussi AzureADConnect si vous l’avez mis en place!

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: June 27, 2017
********************************************************************
Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 4033453
– Title: Vulnerability in Azure AD Connect Could Allow Elevation
of Privilege
https://technet.microsoft.com/library/security/4033453.aspx
– Reason for Revision: Microsoft is releasing this security advisory
to inform customers that a new version of Azure Active Directory
(AD) Connect is available that addresses an Important security
vulnerability.
– Originally posted: June 27, 2017
– Updated: N/A
– Version: 1.0

 

Attention, cette seconde vague est au moins aussi sensible que celle de Wanacry, donc prenez les mesures adéquates, backups et patchs en urgence !

Ah, et voilà de la lecture de la part de Veeam:

Alors que le ransomware WannaCry a récemment alerté le monde entier en ciblant toutes les organisations des hôpitaux aux entreprises ferroviaires et en exigeant plus de 60 millions de dollars de rançons pour plus de 200 000 ordinateurs verrouillés, il faut retenir que ces attaques sont sans pitié : elles peuvent se produire à tout instant et frapper n’importe qui.
Alors, comment vous préparer à une infection par ransomware potentiellement inévitable et si vous êtes touché, comment restaurez-vous vos données critiques sans payer de rançon ?

Recevez l’e-book GRATUIT et son webinar bonus réalisés par Veeam® et Conversational Geek pour en savoir plus sur (en anglais) :

■ce qui rend les ransomware si difficiles à prévenir et à arrêter ;

■la manière de se préparer à affronter les ransomware avec des correctifs fréquents, des sauvegardes de qualité et la sensibilisation des utilisateurs ;

■la réponse aux attaques par ransomware grâce aux capacités de restauration de Veeam ;

■et encore beaucoup, beaucoup plus !

TÉLÉCHARGER MAINTENANT !

Et une super vidéo de Mr Mark Russinovich sur les techniques de diagnostiques et d’éradication de Ransomware/malware/virus..à voir absolument !

 

PierrE.

Publié dans Ransomeware, Security, SysInternals, System Center, WSUS | Tagué , , , , , , , , , | Laisser un commentaire