Workstations are often targeted by malicious actors using malicious websites, emails or removable media in an attempt to extract sensitive information. Hardening workstations is an important part of reducing this risk.

This publication provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10 version 21H1. Before implementing recommendations in this publication, thorough testing should be undertaken to ensure the potential for unintended negative impacts on business processes is reduced as much as possible.

While this publication refers to workstations, most recommendations are equally applicable to servers (with the exception of Domain Controllers) using Microsoft Windows Server version 21H1 or Microsoft Windows Server 2019.

Security features discussed in this publication, along with the names and locations of Group Policy settings, are taken from Microsoft Windows 10 version 21H1 – some differences will exist for earlier versions of Microsoft Windows 10.

For cloud-based device managers, such as Microsoft Endpoint Manager, equivalents can be found for many of the Group Policy settings. Alternatively, there is often a function to import Group Policy settings into cloud-based device managers.

A summary of the changes from the previous release of this publication are:

- Exceptions for default application control rulesets were updated
- Privilege escalation guidance was updated to automatically deny elevation requests for standard users
- Guidance on Chromium-based Microsoft Edge was added
- Guidance on Windows Hello for Business was added
- Guidance on Windows Update for Business was added

The following recommendations, listed in alphabetical order, should be treated as high priorities when hardening Microsoft Windows 10 workstations.

When applications are installed they are often not pre-configured in a secure state. By default, many applications enable functionality that isn’t required by any users while in-built security functionality may be disabled or set at a lower security level. For example, Microsoft Office by default allows untrusted macros in Office documents to automatically execute without user interaction. To reduce this risk, applications should have any in-built security functionality enabled and appropriately configured along with unrequired functionality disabled. This is especially important for key applications such as office productivity suites (e.g. …). In addition, vendors may provide guidance on configuring their products securely. For example, Microsoft provides security baselines for their products on their Microsoft Security Baseline Blog. In such cases, vendor guidance should be followed to assist in securely configuring their products.

The Australian Signals Directorate also provides guidance for hardening Microsoft Office. For more information see the Hardening Microsoft 365, Office 2021, Office 2019 and Office 2016 publication.

While some vendors may release new application versions to address vulnerabilities, others may release patches. If new application versions and patches for applications are not installed it can allow malicious actors to easily compromise workstations. This is especially important for key applications that interact with content from untrusted sources such as office productivity suites (e.g. … Microsoft Internet Explorer, Mozilla Firefox or Google Chrome), common web browser plugins (e.g. Adobe Flash), email clients (Microsoft Outlook) and software platforms (e.g. …). To reduce this risk, new application versions and patches for applications should be applied in an appropriate timeframe as determined by the severity of vulnerabilities they address and any mitigating measures already in place.
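
The Microsoft Office macro example in the application hardening guidance above can be checked on a workstation. The following PowerShell is an added example, not part of the original publication; it assumes the Office 16.0 policy registry branch (Office 2016 and later) in the signed-in user's policy hive, and the wording of each finding is this example's own.

```powershell
# Added example: report the Group Policy macro settings for the signed-in user.
# Assumptions: Office 2016 or later (registry branch 16.0), per-user policy hive.
$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint'

# Meaning of each VBAWarnings policy value
$vbaWarnings = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Emits nothing (so $null on assignment) when the key or value is absent
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$report = foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    $vba = Get-PolicyValue -Path $key -Name 'VBAWarnings'
    $blockInternet = Get-PolicyValue -Path $key -Name 'blockcontentexecutionfrominternet'

    # An absent value means the setting is not enforced and the user can change it
    $setting = $null
    $finding = 'Not enforced by policy'
    if ($null -ne $vba) {
        $setting = $vbaWarnings[[int]$vba]
        $finding = if ($vba -eq 1) { 'All macros enabled' } else { 'Macros restricted' }
    }

    [pscustomobject]@{
        Application         = $app
        VBAWarnings         = $vba
        Setting             = $setting
        BlockInternetMacros = ($blockInternet -eq 1)
        Finding             = $finding
    }
}

$report | Format-Table -AutoSize
```

Run it in the user's own session, since the per-user policy hive is only loaded for the signed-in account.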