Technical RollUp

Premier Field Engineering - Technical Rollup Mails

December 2008 - Technical Rollup Mail - Security

December 2008 - Technical Rollup Mail - Security

  • Comments 1
  • Likes

NEWS

Security

The Great Debate: Security by Obscurity http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10859047&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

By Jesper M. Johansson, Software Architect and Microsoft MVP in Enterprise Security, and Roger Grimes, Senior Security Consultant, Microsoft ACE Team Security by obscurity involves taking measures that do not remove an attack vector but instead conceal it. Some argue that this is a bad practice while others claim that as part of a larger strategy, every bit counts. The debate is quite heated, and, in this article, some of our finest security experts face off, explaining security by obscurity and presenting both sides of the debate.

New Microsoft Security Intelligence Report Released http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10859048&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

Volume 5 of the Security Intelligence Report (SIR) contains an all-new examination of the threat ecosystem and the use of botnets to spread threats. It also includes unique content on browser-based exploits and updated information on software vulnerability disclosures, vulnerability exploits, security and privacy breaches and trends in malicious and potentially unwanted software. With extensive guidance on mitigations and countermeasures, SIR is a valuable tool for all IT professionals who need to know what is happening in the threat ecosystem.

Download the Latest Microsoft Security Intelligence Report (SIRv5) http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10846335&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

Get the free report with in-depth perspectives on the changing threat landscape, including software vulnerability disclosures and exploits, malicious software, and potentially unwanted software. Also watch the latest “Bret and Vinnie Show” as they discuss the latest report.

Get Dynamic Reports with Extended Content http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10846336&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

Download the Microsoft Security Assessment Tool (MSAT) and access a set of dynamic reports that are generated from the assessment answers. The authoritative prescriptive guidance that is generated from your assessment answers will help you speed remediation of the security issues found.

Microsoft Code Name “Geneva” http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10859049&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

Microsoft code name “Geneva” is an open platform for simplified user access based on claims. This release consists of three components: Geneva Framework for .NET developers, Geneva Server for IT Pros, and Windows CardSpace Geneva for users. Read the white paper http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10858969&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 David Chappell for an overview of the platform, and then visit the Microsoft Connect Geneva home page http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10858970&s1=68628015-2ccc-cbc7-31b9-0e76c3415474 for access to downloads and other resources.

Research Paper: Malware Development Lifecycle http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10859050&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

Presented at the Virus Bulletin 2008 (VB2008) Conference in October, this paper tracks the evolution of certain families of malware as they have grown and diversified, adapting and improving to effectively accomplish their required results.

Microsoft Security Bulletin Summary for November, 2008

http://www.microsoft.com/technet/security/bulletin/ms08-nov.mspx

Basic Alerts

Microsoft's free monthly Security Notification Service provides links to security-related software updates and notification of re-released Microsoft Security Bulletins. The goal of this service is to provide accurate information you can use to protect your computers and systems from malicious attacks. These bulletins are written for IT professionals, contain in-depth technical information, and e-mails are digitally-signed with PGP.

E-mail: Security Notification Service https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizard.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&lcid=1033

RSS: Security for IT Professionals http://www.microsoft.com/technet/security/bulletin/secrss.aspx

Windows Live Alert: Technical Security Update Alerts http://signup.alerts.live.com/alerts/jump.do?PINID=3274

Web Site: Bulletin Search http://www.microsoft.com/technet/security/bulletin

Comprehensive Alerts

The free Comprehensive alerts serve as an incremental supplement to the Basic Alerts. It provides advance notification of upcoming security bulletins, Security advisories, and timely notification of any minor changes to previously released Microsoft Security Bulletins or Advisories. These notifications are written for IT professionals, contain in-depth technical information, and e-mails are digitally-signed with PGP.

E-mail: Security Notification Service Comprehensive Edition https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizard.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&lcid=1033

RSS: Comprehensive Alerts http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

Web Site: Bulletin Search http://www.microsoft.com/technet/security/current.aspx

Security Advisories Alerts

Microsoft Security Advisories are a way for Microsoft to communicate security information to customers about issues that may not be classified as vulnerabilities and may not require a security bulletin. Each advisory will be accompanied with a unique Microsoft Knowledge Base Article number for reference to provide additional information about the changes.

E-mail: Security Notification Service Comprehensive Edition [1] https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizard.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&lcid=1033

RSS: Security Advisories http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory

Windows Live Alert: Technical Security Advisory Alerts http://signup.alerts.live.com/alerts/jump.do?PINID=3274

Web Site: Security Advisories http://www.microsoft.com/technet/security/advisory

[1] Note There is not a separate Comprehensive E-mail Notification service for Security Bulletins and Security Advisories

Microsoft Security Response Center Blog Alerts

The Microsoft Security Response Center (MSRC) blog provides a real-time way for the MSRC to communicate with customers. Topics include day-to-day, "behind the scenes" information to help customers understand Microsoft security response efforts; updates during the early stages of security incidents; and regular postings for the bulletin release cycle.

RSS: MSRC Blog http://blogs.technet.com/msrc/rss.xml

Windows Live Alert: MSRC Blog http://signup.alerts.msn.com/alerts/login.do?PINID=32551266&returnurl=http://blogs.technet.com/msrc

Microsoft Internet Security and Acceleration Server

Forefront Edge Security TechCenter

http://technet.microsoft.com/en-gb/forefront/edgesecurity/default.aspx

Please note that if you have feedback on documentation or wish to request new documents - email isadocs@microsoft.com

Forefront Edge Security Community

http://technet.microsoft.com/en-gb/forefront/edgesecurity/bb687298.aspx

New Community Contributed Content includes:

Overview of the Logging Improvements in Forefront Threat Management Gateway (TMG)

http://technet.microsoft.com/library/dd183731.aspx

Forefront TMG (ISA Server) Product Team Blog

The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:

ISA Policy Storage 101

http://blogs.technet.com/isablog/archive/2008/10/29/isa-policy-storage-101.aspx

Adventures in NLB Troubleshooting

http://blogs.technet.com/isablog/archive/2008/10/29/adventures-in-nlb-troubleshooting.aspx

Walk-through for RSA SecurID Delegation for ISA Server 2006

http://blogs.technet.com/isablog/archive/2008/10/29/walk-through-for-rsa-securid-delegation-for-isa-server-2006.aspx

New TMG Logging Architecture

http://blogs.technet.com/isablog/archive/2008/10/30/new-tmg-logging-architecture.aspx

Web requests from an ISA-local web application may receive unexpected authentication prompts.

http://blogs.technet.com/isablog/archive/2008/11/11/web-requests-from-an-isa-local-web-application-may-receive-unexpected-authentication-prompts.aspx

ISA UI trick: Move rule several places

http://blogs.technet.com/isablog/archive/2008/11/18/isa-ui-trick-move-rule-several-places.aspx

Did you miss it? The Launch of Windows Essential Business Server 2008

http://blogs.technet.com/isablog/archive/2008/11/19/did-you-miss-it-the-launch-of-windows-essential-business-server-2008.aspx

Error Installing SQL Server 2005 SP2 Security Update 948109 on TMG

http://blogs.technet.com/isablog/archive/2008/11/21/error-installing-sql-server-2005-sp2-security-update-948109-on-tmg.aspx

Error 10060 while browsing Internet through ISA Server 2006

http://blogs.technet.com/isablog/archive/2008/11/24/error-10060-while-browsing-internet-through-isa-server-2006.aspx

Intelligent Application Gateway 2007

Intelligent Application Gateway 2007 Technical Resources

http://technet.microsoft.com/en-gb/forefront/edgesecurity/bb687299.aspx

Forefront Edge Security Community

http://technet.microsoft.com/en-gb/forefront/edgesecurity/bb687298.aspx

Intelligent Application Gateway Product Team Blog

The IAG Product Team Blog (http://blogs.technet.com/edgeaccessblog) is updated on a regular basis. Latest entries include:

IAG SP2 – It is all about the application

http://blogs.technet.com/edgeaccessblog/archive/2008/11/02/iag-sp2-it-is-all-about-the-application.aspx

Securely Publishing Dynamics CRM 4.0 by Using IAG SP2

http://blogs.technet.com/edgeaccessblog/archive/2008/11/06/securely-publishing-dynamics-crm-4-0-by-using-iag-sp2.aspx

IAG SP2 Goes Virtual

http://blogs.technet.com/edgeaccessblog/archive/2008/11/26/iag-sp2-goes-virtual.aspx

DOCUMENTS

Microsoft Security Assessment Tool 4.0 http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10859051&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

The Microsoft Security Assessment Tool employs a holistic approach to measuring your security posture by covering topics across people, process, and technology. This revised version features an updated defense-in-depth assessment plus questions related to the evolving threat landscape. Findings are coupled with prescriptive guidance and recommended mitigation efforts, including links to more information for additional industry guidance.

IT Compliance Management Guide http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10859052&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

The IT Compliance Management Guide can help you shift your governance, risk, and compliance (GRC) efforts from people to technology. Use its configuration guidance to help efficiently address your organization's GRC objectives.

Microsoft Encrypting File System Assistant http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10859053&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

The Encrypting File System (EFS) Assistant is a software tool you can use to centrally control EFS settings on your mobile or desktop PCs. The EFS Assistant can help you encrypt the sensitive files on your users' laptops, regardless of where those files are located. Part of the Data Encryption Toolkit for Mobile PCs http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10858971&s1=68628015-2ccc-cbc7-31b9-0e76c3415474, a community version of the tool, is also available from CodePlex at www.codeplex.com/EFSAssistant http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10858972&s1=68628015-2ccc-cbc7-31b9-0e76c3415474.

Configuring Security in IIS 7.0 http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10859054&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

Windows Server 2008 featuring Internet Information Services 7.0 (IIS 7.0) is a powerful Web application and services platform that delivers rich Web-based experiences. Learn how to install and configure security settings for IIS 7.0, including built-in user and group accounts, URL authorization, SSL, and request filtering.

UrlScan v3.0 http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10859055&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

UrlScan version 3.1 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) 6.0 will process. UrlScan screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator. Filtering requests helps secure the server by ensuring that only valid requests are processed.

Checklist: Securing Web Services http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10859056&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

Part of the patterns and practices guide for "Improving Web Application Security," this checklist is designed to help developers build and secure Web services by outlining design, development, and administrative considerations.

A Guide to Securing ISA Server 2006 http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10859057&s1=68628015-2ccc-cbc7-31b9-0e76c3415474

Get best practices for securing your servers, using the Security Configuration Wizard, and assigning administrative roles.

DOWNLOADS

IT Compliance Management Guide

The IT Compliance Management Guide is intended for IT managers and IT professionals who must plan for and address the governance, risk, and compliance (GRC) requirements of their organizations.

http://www.microsoft.com/downloads/details.aspx?FamilyID=bd930882-0d39-4900-9a79-b91f213ed15d&DisplayLang=en

Data Encryption Toolkit for Mobile PCs

This toolkit is intended to help you secure the data on your organization’s mobile PCs--in a cost-effective way--using Encrypting File System (EFS) and Microsoft BitLocker Drive Encryption (BitLocker) technologies.

http://www.microsoft.com/downloads/details.aspx?FamilyID=1a99576a-fe67-418f-88b1-81e2055fe977&DisplayLang=en

.NET Rocks! - Andrew Delin on SOX Compliance

Carl and Richard talk to Andrew Delin about why developers should care about the Sarbanes Oxley Act and why a compliance plan is in your best interest.

http://www.microsoft.com/downloads/details.aspx?FamilyID=13fe0c9c-b5a9-48b6-bec2-530df5bbe0ab&DisplayLang=en

Microsoft Antigen SP1 Documentation

http://www.microsoft.com/downloads/details.aspx?FamilyID=7d00160e-4d15-4459-98a3-89f393ac008e&DisplayLang=en

Microsoft Security Assessment Tool 4.0

The Microsoft Security Assessment Tool (MSAT) is a risk-assessment application designed to provide information and recommendations about best practices for security within an information technology (IT) infrastructure.

http://www.microsoft.com/downloads/details.aspx?FamilyID=cd057d9d-86b9-4e35-9733-7acb0b2a3ca1&DisplayLang=en

Microsoft Online Services Sign In Tool V1

Client application that enables single sign-on to Microsoft Online Services

http://www.microsoft.com/downloads/details.aspx?FamilyID=01f6c0e4-f897-442a-8462-425f8edddad9&DisplayLang=en

Microsoft Urlscan Filter v3.1 (x64)

This MSI package will install Urlscan v3.1 on your system.

http://www.microsoft.com/downloads/details.aspx?FamilyID=361e5598-c1bd-46b8-b3e7-3980e8bdf0de&DisplayLang=en

Microsoft Security Intelligence Report (January – June 2008)- Executive Summary

This is the fifth volume of the Microsoft Security Intelligence Report (SIR).

http://www.microsoft.com/downloads/details.aspx?FamilyID=1eab2902-46df-4ed6-8149-a7f7a935dbe7&DisplayLang=en

Microsoft Security Intelligence Report volume 5 (January – June 2008)

This is the fifth volume of the Microsoft Security Intelligence Report (SIR).

http://www.microsoft.com/downloads/details.aspx?FamilyID=b2984562-47a2-48ff-890c-edbeb8a0764c&DisplayLang=en

Identity Lifecycle Manager "2" RC Release

This download contains the Release Candidate version of Identity Lifecycle Manager "2."

http://www.microsoft.com/downloads/details.aspx?FamilyID=17489612-95f4-4dd5-a050-5da4b5d06b86&DisplayLang=en

Identity Lifecycle Manager "2" RC Demo Virtual Hard Disk Image

This package contains a Hyper-V-based demo of Identity Lifecycle Manager "2" RC.

http://www.microsoft.com/downloads/details.aspx?FamilyID=7117b168-e71d-47cc-9739-35f1a68a5e43&DisplayLang=en

SDL Threat Modeling Tool 3.1 beta

http://www.microsoft.com/downloads/details.aspx?FamilyID=a48cccb1-814b-47b6-9d17-1e273f65ae19&DisplayLang=en

Security Features in Microsoft Online

This white paper describes how the Microsoft concern for security, as defined in the Trustworthy Computing initiative, has driven key features in the design, deployment, and operation of the Microsoft Online Services environment.

http://www.microsoft.com/downloads/details.aspx?FamilyID=5736aaac-994c-4410-b7ce-bdea505a3413&DisplayLang=en

Enterprise Data Security Optimization Datasheet

This offering integrates multiple data-protection technologies and “always on” persistent protection to provide comprehensive coverage of the data stored on desktops and servers, as well as data in transit.

http://www.microsoft.com/downloads/details.aspx?FamilyID=eb91333a-c26b-4a0d-9251-80a494df9e5c&DisplayLang=en

Deployment for Microsoft Forefront Server Security Datasheet

Deployment for Forefront Server Security integrates the level of security into your environment, and Microsoft Services can turn that vision into reality in as little as six weeks

http://www.microsoft.com/downloads/details.aspx?FamilyID=6892eaaa-0450-4b78-98e4-34c7a771006d&DisplayLang=en

Security, Identity, and Access Management Datasheet

This offering provides an end-to-end security solution that allows you to move toward a dynamic IT infrastructure while ensuring better security integration, manageability, and efficiency.

http://www.microsoft.com/downloads/details.aspx?FamilyID=b53dee69-a3f9-4800-91a8-42c1b8b365db&DisplayLang=en

Deployment for Microsoft Forefront Client Security Datasheet

Deployment for Microsoft Forefront Client Security easily deploys an advanced, centralized solution to help protect your enterprise.

http://www.microsoft.com/downloads/details.aspx?FamilyID=f3dce10f-b007-4188-a836-5e2cd7d94496&DisplayLang=en

Podcasts: How Microsoft IT Manages Physical Security through Strategic IT Convergence

The purpose of World Wide Security Operations is to protect Microsoft’s assets in a manner consistent with corporate culture.

http://www.microsoft.com/downloads/details.aspx?FamilyID=b72ea3fb-6905-48b6-a987-cc4c032de7e1&DisplayLang=en

SQL Server 2008 Analysis Services Datasheet

Microsoft® SQL Server™ 2008 helps enable organizations to build comprehensive, enterprise-scale analytic solutions that deliver actionable insights through familiar tools.

http://www.microsoft.com/downloads/details.aspx?FamilyID=1ad953e6-2ca9-4d8b-95ff-d5242c4c627a&DisplayLang=en

Security Update for MSXML 4.0 Service Pack 2 (KB954430)

A Security issue has been identified in Microsoft XML Core Services (MSXML) that could allow an atacker to compromise your Windows-based system and gain control over it.

http://www.microsoft.com/downloads/details.aspx?FamilyID=96a4413c-5261-4f69-83d0-932c430abd14&DisplayLang=en

November 2008 Security Release ISO Image

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on November 11th, 2008.

http://www.microsoft.com/downloads/details.aspx?FamilyID=4269c703-a4cf-4071-ab4d-90070348e9b5&DisplayLang=en

Update for Windows Mail Junk E-mail Filter for x64-based Systems [November 2008] (KB905866)

Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.

http://www.microsoft.com/downloads/details.aspx?FamilyID=749e10cd-f40c-4f94-8e38-d4221ded7652&DisplayLang=en

Update for Windows Mail Junk E-mail Filter [November 2008] (KB905866)

Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.

http://www.microsoft.com/downloads/details.aspx?FamilyID=aa029fde-f341-44fc-8b85-0c6f3d3c2d69&DisplayLang=en

Extended Security Update Inventory Tool

The Extended Security Update Inventory Tool is used to detect security bulletins not covered by MBSA including MS04-028, February 2005 bulletins, and future security bulletins that are exceptions to MBSA.

http://www.microsoft.com/downloads/details.aspx?FamilyID=2c93da1d-48a0-4e5c-991f-87e08954f61b&DisplayLang=en

Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

http://www.microsoft.com/downloads/details.aspx?FamilyID=585d2bde-367f-495e-94e7-6349f4effc74&DisplayLang=en

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&DisplayLang=en

Security Update for Microsoft XML Core Services 6.0 and Service Pack 1 (KB954459)

A security issue has been identified in Microsoft XML Core Services (MSXML) that could allow an attacker to compromise your Windows-based system and gain control over it.

http://www.microsoft.com/downloads/details.aspx?FamilyID=59914795-60c7-4ebe-828d-f28cb457e6e3&DisplayLang=en

Windows Essential Business Server Security and Protection

This document provides information about the configuration of the security components in Windows® Essential Business Server.

http://www.microsoft.com/downloads/details.aspx?FamilyID=cf9a2c7b-3e30-4f38-9b58-d3b4fde780e0&DisplayLang=en

Identity Lifecycle Manager "2" Datasheet

http://www.microsoft.com/downloads/details.aspx?FamilyID=b931926a-8fd6-4983-beeb-45976198b9ba&DisplayLang=en

SQL Server White Paper: SQL Server 2008 Compliance Guide

This paper provides an overview of how to approach compliance for the management of the SQL Server database. It describes the compliance-related features of SQL Server 2008 and how to apply them to IT controls. This paper includes tips and scripts to help jump-start compliance solution development.

http://www.microsoft.com/downloads/details.aspx?FamilyID=6e1021dd-65b9-41c2-8385-438028f5acc2&DisplayLang=en

Microsoft Online Services Sign In Tool V1

Client application that enables single sign-on to Microsoft Online Services

http://www.microsoft.com/downloads/details.aspx?FamilyID=01f6c0e4-f897-442a-8462-425f8edddad9&DisplayLang=en

Microsoft Security Intelligence Report volume 5 (January – June 2008)

This is the fifth volume of the Microsoft Security Intelligence Report (SIR).

http://www.microsoft.com/downloads/details.aspx?FamilyID=b2984562-47a2-48ff-890c-edbeb8a0764c&DisplayLang=en

Microsoft® Forefront™ codename "Stirling" Beta

An integrated security system that is easier to manage and control

Microsoft® Forefront™ codename "Stirling" is an integrated security system that delivers comprehensive, coordinated protection across endpoints, messaging and collaboration servers and the network edge that is easier to manage and control.

http://www.microsoft.com/downloads/details.aspx?FamilyID=65bd5f8a-d94c-457a-9f88-2046597130e1&DisplayLang=en

Update to Mitigate MS08-037 UDP Behavior Across NAT for Microsoft ISA Server 2004 Standard Edition

http://www.microsoft.com/downloads/details.aspx?FamilyID=0AB83F12-653B-4BE1-BEFE-594C4EF62BAA&displaylang=en

Update to Mitigate MS08-037 UDP Behavior Across NAT for Microsoft ISA Server 2004 Enterprise Edition

http://www.microsoft.com/downloads/details.aspx?FamilyID=0AB83F12-653B-4BE1-BEFE-594C4EF62BAA&displaylang=en

Update to Mitigate MS08-037 UDP Behavior Across NAT for Microsoft ISA Server 2006

http://www.microsoft.com/downloads/details.aspx?FamilyID=E96A6E20-0C04-4C7D-9F3E-207B02AE29CC&displaylang=en

EVENTS/WEBCASTS

Visit TechNet Spotlight: www.microsoft.com/technetspotlight

Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more

Microsoft Security Webcast Series: Upcoming and On-Demand

Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910

Find security webcasts listed in an easy-to-use calendar format.

Upcoming Security Webcasts

http://www.microsoft.com/events/security/upcoming.mspx

Register for the following Webcasts on the link above

TechNet Webcast: Microsoft Security Intelligence Report 5: Latest Trends in Vulnerabilities, Exploits, and Malicious Software (Level 200)

Wednesday, December 8, 2008 8:00 A.M.-9:30 A.M. Pacific Time

TechNet Webcast: Information About Microsoft December Security Bulletins (Level 200)

Wednesday, December 10, 2008 11:00 A.M.-12:00 P.M. Pacific Time

On-Demand Security Webcasts

http://www.microsoft.com/events/security/ondemand.mspx

NEW OR UPDATED KB’s

Microsoft Internet Security and Acceleration Server

DNS queries that pass through Forefront Threat Management Gateway NAT do not use random source ports

http://support.microsoft.com/kb/957298

FIX: After you configure the rules in ISA Server 2006 to apply to all users, ISA Server may sometimes try to authenticate users

http://support.microsoft.com/kb/956924

FIX: ISA Server 2006 may be overloaded with authorization attempts after you apply hotfix 955113

http://support.microsoft.com/kb/956922

FIX: A VPN client that uses RADIUS authentication may not log on to the internal network when the User Mapping option is enabled in ISA Server 2006

http://support.microsoft.com/kb/956923

Description of the ISA Server 2006 hotfix package: August 20, 2008

http://support.microsoft.com/kb/956925

FIX: When you use HTTP to HTTPS redirection in ISA Server 2006, port 0 is appended to the URL

http://support.microsoft.com/kb/956858

DNS queries that pass through an ISA Server 2000 NAT gateway do not use random source ports

http://support.microsoft.com/kb/956637

DNS queries that are passed through ISA Server 2004 NAT do not use random source ports

http://support.microsoft.com/kb/958024

DNS queries that are passed through the ISA Server 2006 NAT do not use random source ports

http://support.microsoft.com/kb/956570

How to block traffic from an Internet-based music sharing service in Microsoft Forefront Threat Management Gateway, Medium Business Edition

http://support.microsoft.com/kb/837447

Kerberos authentication to remote Web servers fails for Web proxy clients

http://support.microsoft.com/kb/840613

How to configure ISA Server 2004, ISA Server 2006 Windows Essential Business Server 2008 to skip name resolution in a Web proxy chaining configuration

http://support.microsoft.com/kb/891244

A.O.B

Join the Discussion on End-to-End Trust http://go.microsoft.com/?linkid=9480793

Microsoft believes the time is ripe for a broad public dialog about how to build a roadmap for bringing Trustworthy Computing to the Internet. To that end, we have established a public discussion forum where anyone concerned about online security and privacy can let their voice be heard.

Security Help and Support for IT Professionals http://go.microsoft.com/?linkid=9480842

TechNet Troubleshooting and Support Page http://go.microsoft.com/?linkid=9480843

Microsoft Security Glossary http://go.microsoft.com/?linkid=9480844

TechNet Security Center http://go.microsoft.com/?linkid=9480845

MSDN Security Developer Center http://go.microsoft.com/?linkid=9480846

Midsize Business Security Center http://go.microsoft.com/?linkid=9480847

Sign-Up for the Microsoft Security Notification Service http://go.microsoft.com/?linkid=9480848

Security Bulletin Search Page http://go.microsoft.com/?linkid=9480849

Home Users: Protect Your PC http://go.microsoft.com/?linkid=9480850

MCSE/MCSA: Security Certifications http://go.microsoft.com/?linkid=9480851

Subscribe to TechNet http://go.microsoft.com/?linkid=9480852

Register for TechNet Flash IT Newsletter http://go.microsoft.com/?linkid=9480853

Register for the UK MSDN Flash Newsletter http://go.microsoft.com/?linkid=9480854

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment