The enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system. The new EMET 4.0 (Beta) features provides a preview on what’s in store for the final version. Please note that this is a "Beta" release. It is not ready for wide enterprise deployment. The latest official EMET release, EMET V3, is ready for enterprise deployment. Below is a summary of the features and changes that are included with the EMET 4.0 Beta release: • Certificate Trust: considering the raise of PKI-related attacks, we decided to implement a configurable SSL Certificate Pinning to try to detect Man in the Middle attacks that leverage SSL/TLS certificates. The Certificate Trust feature in EMET is rule-based and allows to pin a specific SSL/TLS certificate to a trusted Root Certificate Authority; • ROP mitigations and hardening: in the last Technical Preview release of EMET, we introduced some mitigations to try to stop ROP-based attacks by implementing some of the winner ideas of the BlueHat Prize contest. With this new EMET release we hardened the ROP and other mitigations to detect and stop novel attack techniques. For example EMET 4.0 beta is able to stop one ASLR/DEP bypass technique presented at this year’s CanSecWest; • Early Warning Program: this feature will allow EMET to send contextual data back to Microsoft, through the standard Windows Error Reporting channel, every time that an exploit has been detected and stopped. We are adding this feature to help us respond to new 0day exploits as soon as possible. • Audit mode: if an exploit is detected, EMET will not kill the attacked process but it will just report the attack and let the process continue. This mode is only applicable to certain mitigations, for example the ROP-related ones, that detect the attack when the process is not already in a crashed state. This feature is useful for enterprise customers for testing purposes and to spot false-positives and app-compat problems without compromising the user experience; EMET 4.0 beta also includes several bug fixes and UI changes to improve the overall user experience. Also, at the end of the installation, EMET will automatically import settings to protect Internet Explorer, Microsoft Office, Adobe Acrobat/Reader, and Oracle Java, as well as a pre-defined set of rules for the Certificate Trust feature that will monitor the main Microsoft online services. More information are available in the User Guide, available in the EMET installation folder. Please remember that EMET 4.0 requires .NET Framework 4, and in order to protect Internet Explorer 10 on Windows 8 you need to install KB2790907 – a mandatory AppCompat update that has been released on March 12th. Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc.
Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits: 1. No source code needed: Until now, several of the available mitigations (such as Data Execution Prevention) have required for an application to be manually opted in and recompiled. EMET changes this by allowing a user to opt in applications without recompilation. This is especially handy for deploying mitigations on software that was written before the mitigations were available and when source code is not available. 2. Highly configurable: EMET provides a higher degree of granularity by allowing mitigations to be individually applied on a per process basis. There is no need to enable an entire product or suite of applications. This is helpful in situations where a process is not compatible with a particular mitigation technology. When that happens, a user can simply turn that mitigation off for that process. 3. Helps harden legacy applications: It’s not uncommon to have a hard dependency on old legacy software that cannot easily be rewritten and needs to be phased out slowly. Unfortunately, this can easily pose a security risk as legacy software is notorious for having security vulnerabilities. While the real solution to this is migrating away from the legacy software, EMET can help manage the risk while this is occurring by making it harder to hackers to exploit vulnerabilities in the legacy software. 4. Ease of use: The policy for system wide mitigations can be seen and configured with EMET's graphical user interface. There is no need to locate up and decipher registry keys or run platform dependent utilities. With EMET you can adjust setting with a single consistent interface regardless of the underlying platform. 5. Ease of deploy: EMET comes with built-in support for enterprise deployment and configuration technologies. This enables administrators to use Group Policy or System Center Configuration Manager to deploy, configure and monitor EMET installations across the enterprise environment. 6. Ongoing improvement: EMET is a living tool designed to be updated as new mitigation technologies become available. This provides a chance for users to try out and benefit from cutting edge mitigations. The release cycle for EMET is also not tied to any product. EMET updates can be made dynamically as soon as new mitigations are ready The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques. These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques.
During my recent TechEd India 2013, Pune event, I was asked a question during our Stump the Speaker Session, the question was about what all Microsoft Server software is supported in Windows Azure Virtual Machines environment. And I have responded to the audience to wait for some time so that Azure team to share more details. Well, after the Windows Azure GA announcement, Microsoft has released a list of Microsoft server software supported in Windows azure Virtual Machines.
Feel free to share the following information with your customers. Hope it helps
This article discusses the support policy for running Microsoft server software in the Windows Azure Virtual Machine environment (infrastructure-as-a-service). Microsoft supports Microsoft server software running in the Windows Azure Virtual Machine environments as listed in the "More Information" section. This support is subject to the Microsoft Support Lifecycle policy. For more information, visit the following Microsoft website: http://support.microsoft.com/?pr=lifecycle
All Microsoft software installed in the Windows Azure Virtual Machine environment must be properly licensed. Windows Azure Virtual Machines include by default a license for use of Windows Server in the Windows Azure environment. Certain Windows Azure Virtual Machine offerings may also include additional Microsoft software on a per-hour or evaluation basis. Licenses for other software must be obtained separately. For information about Microsoft’s License Mobility program see: http://www.microsoft.com/licensing/software-assurance/license-mobility.aspx
In some cases, specific versions of Microsoft server software are required for support. These versions are noted in this article, and the supported versions may be updated as needed.
Microsoft BizTalk Server Microsoft BizTalk Server 2013 and later is supported. Microsoft Dynamics GP Microsoft Dynamics GP 2013 and later is supported. Microsoft Dynamics NAV Microsoft Dynamics NAV 2013 and later is supported. Microsoft Forefront Identity Manager Microsoft Forefront Identity Manager 2010 R2 SP1 and later is supported. Microsoft Project Server Microsoft Project Server 2013 and later is supported. Microsoft SharePoint Server Microsoft SharePoint Server 2010 and later is supported on Windows Azure Virtual Machines. For more information, please see http://technet.microsoft.com/en-us/library/jj154957
Microsoft SQL Server 64-bit versions of Microsoft SQL Server 2008 and later are supported. Please see http://support.microsoft.com/?id=956893
for details. Microsoft System Center System Center 2012 SP1 and later is supported for the following applications:
FOR ORIGINAL ARTICLE VISIT: http://support.microsoft.com/kb/2721672
As you all aware we just concluded MMS 2012 event in Las Vegas.
Perhaps you missed a session or you weren't able to join us in person. Or maybe you just want to watch your favorite session over and over again. No problem! Session recordings and supporting materials are available 24-48 hours after the live presentation on MSDN Channel 9.
As part of our ongoing efforts to improve relationships with our customers and partners, Microsoft conducts a periodic worldwide Global Relationship Study via an independent market research company. If you have received a Microsoft branded e-mail invitation from Microsoft Feedback (firstname.lastname@example.org) to participate in this research, you can trust that the invitation was sent on our behalf. This is a valid Microsoft survey.
To all the IT Pros request you to share your sincere feedback. We are more than happy to have your feedback shared with us.
As always THANK YOU very much for your support.
Regards, Aviraj Ajgekar Technical Evangelist
Today we’re excited to announce that the Microsoft Desktop Optimization Pack (MDOP) 2013 for Software Assurance is now available for download! When people think about MDOP, they often think about its virtualization tools that help personalize user experience, simplify app deployment, and improve app compatibility for Windows. MDOP is much more than that though, it also helps manage and deploy important Windows features like BitLocker and Group Policy, as well as saves time by helping to make desktop repair planning proactive instead of reactive.
Here is the detailed blog post Making Windows 8 Even More Manageable with MDOP 2013
Group Policy tools use Administrative template files to populate policy settings in the user interface. This allows administrators to manage registry-based policy settings.
You can download them from the following link