News

Microsoft Security Intelligence Report Version 9 Now Available http://www.microsoft.com/security/sir/default.aspx

Covering the first half of 2010 (January 1 - June 30), Volume 9 of the Security Intelligence Report includes intelligence on botnets and how to combat this threat, details on botnet and malware infection rates worldwide, and the latest security data and trends analysis captured by Microsoft security analysts. Also included are recommended techniques to protect your organization, software, and people.


Introducing the IT Compliance Management Series
http://technet.microsoft.com/en-gb/library/dd206732.aspx
Designed to help eliminate the murkiness of IT governance, risk, and compliance (GRC), the IT Compliance Management Series is designed to help bridge the knowledge gap for IT pros by translating auditor expectations and IT GRC authority document requirements into real IT tasks through the use of control activities that are specific to a particular technology or platform.


IT GRC Process Management Pack (PMP) for System Center Service Manager
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=aff058bb-628f-4a7d-b566-317cb53f666e&displaylang=en
Get end-to-end compliance management and automation for desktop and datacentre computers including tools to translate complex regulations and standards into authoritative control objectives and control activities for your organization’s IT compliance program.


Active Directory Federation Services 2.0: Open Doors to the Cloud
http://technet.microsoft.com/en-gb/magazine/ff721824.aspx
Explore how the new Microsoft Active Directory Federation Services release promises to up the ante on cloud security.

Microsoft Security Bulletin Summary for Oct, 2010

http://www.microsoft.com/technet/security/bulletin/ms10-Oct.mspx

Security Bulletin Overview for October 2010

Microsoft Security Response Center (MSRC) Blog Post http://go.microsoft.com/?linkid=9683067

Windows Media Video (WMV) http://go.microsoft.com/?linkid=9683068

Windows Media Audio (WMA) http://go.microsoft.com/?linkid=9683069

iPod Video (MP4) http://go.microsoft.com/?linkid=9683070

MP3 Audio http://go.microsoft.com/?linkid=9683071

High Quality WMV (2.5 Mbps) http://go.microsoft.com/?linkid=9683072

Zune Video (WMV) http://go.microsoft.com/?linkid=9683073

Microsoft Product Lifecycle Information

Find information about your particular products on the Microsoft Product Lifecycle Web site http://go.microsoft.com/?linkid=9669804

See a List of Supported Service Packs http://go.microsoft.com/?linkid=9669805

Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Follow the Microsoft Security Response team on Twitter http://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape.

Forefront TMG and ISA Server

Forefront Security TechCenter

http://technet.microsoft.com/forefront/default.aspx

Please note that if you have feedback on documentation or wish to request new documents - email isadocs@microsoft.com

Forefront Threat Management Gateway 2010 homepage

http://technet.microsoft.com/en-gb/forefront/ee807302.aspx

Forefront TMG (ISA Server) Product Team Blog

The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:

Unable to download files through Forefront TMG 2010 when Malware Inspection is Enabled

http://blogs.technet.com/b/isablog/archive/2010/09/28/unable-to-download-files-through-forefront-tmg-2010-when-malware-inspection-is-enabled.aspx

Forefront TMG/UAG Help Wanted at Microsoft in Reading, UK and Munich, Germany

http://blogs.technet.com/b/isablog/archive/2010/09/29/forefront-tmg-uag-help-wanted-at-microsoft-in-reading-uk-and-munich-germany.aspx

Expect the unexpected… Failed Connection 995 and 64 with SSL Traffic

http://blogs.technet.com/b/isablog/archive/2010/09/30/expect-the-unexpected-failed-connection-995-and-64-with-ssl-traffic.aspx

TMG Reports stop working after installing TMG 2010 SP1

http://blogs.technet.com/b/isablog/archive/2010/10/05/tmg-reports-stop-working-after-installing-tmg-2010-sp1.aspx

How to determine which version of TMG 2010 is installed

http://blogs.technet.com/b/isablog/archive/2010/10/11/how-to-determine-which-version-of-tmg-2010-is-installed.aspx

The « test rule » button fails with error “Failed to get domain controller name for this published server”

http://blogs.technet.com/b/isablog/archive/2010/10/14/the-171-test-rule-187-button-fails-with-error-failed-to-get-domain-controller-name-for-this-published-server.aspx

The Exchange Edge default Receive connector gets unexpectedly disabled even though the Email policy is not configured

http://blogs.technet.com/b/isablog/archive/2010/10/15/the-exchange-edge-default-receive-connector-gets-unexpectedly-disabled-even-though-the-email-policy-is-not-configured.aspx

TMG is Unable to Listen on Port 80 (no IIS was not installed)

http://blogs.technet.com/b/isablog/archive/2010/10/16/tmg-is-unable-to-listen-on-port-80-no-iis-was-not-installed.aspx

Understanding Performance Impact of Fast Trickling Option on TMG 2010

http://blogs.technet.com/b/isablog/archive/2010/10/20/understanding-performance-impact-of-fast-trickling-option-on-tmg-2010.aspx

Forefront Unified Access Gateway & Intelligent Application Gateway 2007

Forefront Unified Access Gateway 2010 Technical Resources

http://technet.microsoft.com/en-gb/forefront/edgesecurity/ee907407.aspx

For comments, feedback, and requests, contact the Forefront UAG User Assistance team at uagdocs@microsoft.com.

Forefront Unified Access Gateway Product Team Blog

The UAG Product Team Blog (http://blogs.technet.com/edgeaccessblog) is updated on a regular basis. Latest entries include:

Forefront UAG 2010 – Update 2

http://blogs.technet.com/b/edgeaccessblog/archive/2010/10/17/forefront-uag-2010-update-2.aspx

Announcing Forefront UAG 2010 Service Pack 1

http://blogs.technet.com/b/edgeaccessblog/archive/2010/10/21/announcing-forefront-uag-2010-service-pack-1.aspx

Forefront Edge on the Wiki

The home of community-generated content about Microsoft technologies — that anyone can edit! Read the latest wiki articles about TMG and UAG.

TMG - http://social.technet.microsoft.com/wiki/contents/articles/tags/tmg/default.aspx

UAG - http://social.technet.microsoft.com/wiki/contents/articles/tags/UAG/default.aspx

Documents


Security Tip of the Month: How to Deploy Your First Windows Azure Application: Step by Step
http://technet.microsoft.com/en-gb/ee957681.aspx
Watch a step-by-step demonstration on how to deploy a new Windows Azure Web Role Application to the Cloud in Azure Platform, create a new Azure Storage Service for the application's data access, create a new Azure Hosted Application Service, configure and publish the Web Role Application's package and configuration, and deploy the application to Azure staging and production environments.

Patterns & practices: Cloud Security Approach in a Nutshell http://technet.microsoft.com/en-gb/ff742848.aspx
Discover the cornerstone concepts that lay a foundation for Microsoft's patterns & practices Cloud Security approach. Microsoft's patterns & practices represent applied engineering guidance that includes both production quality source code and documentation.

Building Applications that Use AppFabric Access Control http://msdn.microsoft.com/library/ee725242.aspx
The Windows Azure AppFabric Access Control (AC) service can be accessed from any Web service platform including .NET Framework, WCF, Silverlight, ASP.NET, Java, Python, Ruby, PHP, and Flash. Learn how Web services can rely on AC for authentication and authorization, and how to use AC in your applications.

Security Talk: Windows Azure Security - A Peek Under the Hood http://technet.microsoft.com/en-us/edge/security-talk-windows-azure-security-a-peek-under-the-hood.aspx?query=1
Find out how Windows Azure is structured to accept software and configuration requests from customers, deploy the software within virtual machines, and allocate storage and database resources to hold a persistent state-all while maintaining a minimal attack surface and several layers of defense in depth. This presentation also offers insight on how Windows Azure security compares with systems operated on a customer's premises.

Compliance Reporting: First Step in Controlling Client Cloud Access http://technet.microsoft.com/en-gb/magazine/ff720178.aspx
Find steps on how to improve your auditing and compliance reporting by using Access Protection (NAP) with IPsec connectivity technologies like DirectAccess to control client access.

Security Best Practices for Developing Windows Azure Applications http://technet.microsoft.com/en-gb/magazine/ff720178.aspx
Download this paper for details on the security challenges and recommended approaches to design and develop more secure applications for Microsoft's Windows Azure platform.

How to Use AppFabric to Provide Access Control for a Cloud Application http://msdn.microsoft.com/en-gb/ff728569.aspx
Windows Azure's AppFabric provides a foundation for rich cloud-based service and access control offerings. Join Hilton Giesenow, host of The Moss Show SharePoint Podcast, as he takes you through getting started with Windows Communication Foundation (WCF) services and the Windows Azure platform AppFabric ServiceBus component to extend WCF services into the cloud.

Cloud Cover Episode 8 - Shared Access Signatures http://channel9.msdn.com/shows/Cloud+Cover/Cloud-Cover-Episode-8-Shared-Access-Signatures/
Learn how to create and use Shared Access Signatures (SAS) in Windows Azure blob storage and discover how to easily create SAS signatures yourself.

Cloud Cover Episode 15 - Certificates and SSL http://channel9.msdn.com/shows/Cloud+Cover/Cloud-Cover-Episode-15-Certificates-and-SSL/
Find out how certificates work in Windows Azure and how to enable Secure Sockets Layer (SSL) protocols. Also discover a tip on uploading public key certificates to Windows Azure.

Cloud Security: Safely Sharing IT Solutions http://technet.microsoft.com/en-gb/magazine/gg296364.aspx
Explore ways to share IT solutions between the fixed cost of local resources and the variable cost of cloud resources without losing control of access to enterprise assets.

Downloads

Data Governance - Managing Technological Risk

Discusison of the core data governance capabilities related to technology.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e4ff1afe-69cd-4bfd-aeaa-c0519ba04272

Data Governance - A Capability Maturity Model

This paper presents a blueprint for organizations to implement the capabilities needed to establish a successful DGPC program.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1a45054b-b073-44e6-84f8-bee33c268f33

Microsoft Anti-Cross Site Scripting Library V4.0

AntiXSS 4.0 helps you to protect your applications from cross-site scripting attacks.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f4cd231b-7e06-445b-bec7-343e5884e651

Microsoft Office Protocol Documentation

The Office protocol documentation provides technical specifications for Microsoft proprietary protocols that are implemented and used in the Microsoft Office system.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e7a23d42-0835-440f-9400-badfe9672b21

Microsoft and Data Privacy

This paper examines trends in the evolving data management landscape and describes how Microsoft is providing leadership in protecting individuals’ personal information.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=297c2531-2621-446a-9efb-db87f76de02e

Microsoft SharePoint Products and Technologies Protocol Documentation

The Microsoft SharePoint Products and Technologies protocol documentation provides technical specifications for Microsoft proprietary protocols that are implemented and used in SharePoint Products and Technologies.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5e94ad07-902c-422f-aadd-ff2bba9e540a

Microsoft and Data Breach Notification

Microsoft and Data Breach Notification

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=b378d038-566d-47e1-8946-ba0561e0b988

TwC Enterprise Data Governance White Paper

Private enterprise privacy white paper, providing Microsoft's perspective on the role that technology plays in helping enterprises responsibly protect and manage personal information.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=53035b0d-66be-415a-aadc-ae47105af354

Data Governance White Paper

Data Governance White Paper

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5c711a4d-e7a9-44af-985e-f36774417f2b

IT GRC Process Management Pack for System Center Service Manager

The Microsoft® IT GRC Process Management Pack for System Center Service Manager(SCSM) provides end-to-end compliance management and automation for desktop and datacenter computers. Deeply integrated with SCSM the IT GRC Process Management pack translates complex regulations and standards into authoritative control objectives and control activities for the IT organization’s compliance program.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=aff058bb-628f-4a7d-b566-317cb53f666e

A Guide to Data Governance for Privacy, Confidentiality, and Compliance

Data governance is an approach that public and private entities can use to organize one or more aspects of their data management efforts, including business intelligence (BI), data security and privacy, master data management (MDM), and data quality (DQ) management. This series describes the basic elements of a data governance initiative for privacy, confidentiality, and compliance.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8ba05a48-f46c-491d-8857-6d9d6da2d3e3

Data Governance - People and Process

This paper examines the People and Process core capability areas required to enable Data Governance for Privacy, Confidentiality and Compliance.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=b42cc616-fb59-4942-bc43-d4992dcb6f51

Microsoft and Data Breach Notification: Guidance for Enterprise Organizations

Document presenting data breach risks and concerns for organizations, and guidance for responding to a data breach.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=49151c48-dd1d-4094-8722-d1e74f821426

Privacy Guidelines for Developing Software Products and Services

This document is a set of privacy guidelines for developing software products and services that are based on our internal guidelines and our experience incorporating privacy into the development process.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c48cf80f-6e87-48f5-83ec-a18d1ad2fc1f

IT Compliance Management Series

The IT Compliance Management Series—a combination of IT Compliance Management Libraries for Windows Server 2008, Windows Server 2008 R2, Windows 7, and Microsoft System Center—provides prescriptive guidance that helps IT pros configure Microsoft products to address specific IT governance, risk, and compliance (GRC) requirements.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=37ec588c-e1bc-415b-acaa-b9b4d494f466

September 2010 Security Release ISO Image

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on September 14th, 2010.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=29f2d1bc-f763-415d-8c83-7df07e82ffed

Microsoft Business Ready Security Trial Environment (4.0c)

The Microsoft Business Ready Security trial environment provides an end to end trial experience across all of the Business Ready Security solutions. The environment provides an opportunity to evaluate protection, access, management and identity technologies as a pre-configured set of VHDs.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=726f943e-d107-4b4d-a86e-dfb605e30ce5

Microsoft Security Essentials

Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e1605e70-9649-4a87-8532-33d813687a7f

FIM 2010 Planning and Architecture Collection

The Planning and Architecure Collection contains information for capacity and topology planning for a FIM 2010 deployment.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=eacb59ea-92cc-4e2b-a6ae-5b699758403e

Security Update for Microsoft Silverlight (KB978464)

This security update to Silverlight includes fixes outlined in KB 978464.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7e3f6c16-1339-49bc-a60c-ddc6c3a54850

Information Rights Management in Office for Mac 2011 Deployment Guide

The Information Rights Management in Office for Mac 2011 deployment guide is for IT managers, system administrators, or other people who are responsible for testing IRM implementation in Office for Mac.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=598cb9d3-2fdc-45e4-89f6-d2685a47c34c

Communicator for Mac 2011 Deployment Guide

Intended for IT Professionals, the Microsoft Communicator for Mac 2011 Deployment Guide provides guidance for using Microsoft Communicator for Mac 2011 with Microsoft Office Communications Server 2007 R2.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7c4f539d-eb3c-422a-9b35-022970fc9c34

Defend Your Computer Consumer Brochure

Brochure offering guidance on building your computer's defenses, avoiding being tricked into downloading malware, and what to do if your computer is not running as usual.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=bc43f79f-4b4a-42c8-a8d1-72d14e21d0df

Botnets: Guidance for Governments

One page document for policymakers and their influencers addressing Microsoft's approach to the problem of botnets.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=b7afc814-f08b-4d78-a6b3-8631be54510e

Microsoft Security Intelligence Report volume 9 (January - June 2010)

This is the ninth volume of the Microsoft Security Intelligence Report

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=b5f9eddc-70dc-4b11-996b-1bc6987c44b9

SDL Regex Fuzzer

SDL Regex Fuzzer is a tool to help test regular expressions for potential denial of service vulnerabilities.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8737519c-52d3-4291-9034-caa71855451f

Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=585d2bde-367f-495e-94e7-6349f4effc74

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356

Privacy in the Cloud Computing Era: A Microsoft Perspective

Microsoft’s perspective on cloud computing and privacy. (US English)

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=d9e313ab-e3cd-490b-9c54-f6626abf63b3

Cloud Computing Security Considerations

This paper provides a high-level discussion of the fundamental challenges and benefits of cloud computing security, and raises some of the questions that cloud service providers and organisations using cloud services need to consider when evaluating a new move, or expansion of existing services, to the cloud.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=68fedf9c-1c27-4642-aa5b-0a34472303ea

Security in Cloud Computing - A Microsoft Perspective

This paper examines, at a high level, the changes that this evolution will likely bring to computer security and includes benefits as well as challenges.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7c8507e8-50ca-4693-aa5a-34b7c24f4579

How Microsoft Reduces Operational Risk through Business Continuity Management

Business Continuity Management (BCM) equips Microsoft IT with operational intelligence to enhance their decision-making processes, manage risk, and gain a competitive advantage in preparation for adverse situations. Microsoft IT implements BCM frameworks within the company to ensure maximum employee safety and continued critical business processes and system availability with the goal of minimizing adverse impacts to Microsoft employees, customers, partners, and stakeholders.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=67697ffe-6fcc-4f35-865f-a6276f8fc0fb

Forefront Unified Access Gateway (UAG) Server Pack One (SP1) Release Candidate (RC)

The release candidate version of Forefront Unified Access Gateway (UAG) Server Pack One (SP1) provides a number of new features, including support for publishing ADFS 2.0; an improved Forefront UAG DirectAccess experience; one-time password (OTP) authentication for DirectAccess clients, and integration of Forefront UAG Update 1 and Update 2.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=980ff09f-2d5e-4299-9218-8b3cab8ef77a

Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook®

The Junk E-mail Reporting Tool lets you directly report junk e-mail to Microsoft and its affiliates for analysis to help us improve the effectiveness of our junk e-mail filtering technologies.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=53541292-ce94-4c5b-9127-b7d56f11b619

Events/WebCasts

Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910

Find security webcasts listed in an easy-to-use calendar format.

Upcoming Security Webcasts

http://www.microsoft.com/events/security/upcoming.mspx

Register for the following Webcasts on the link above

TechNet Webcast: Information About Microsoft November Security Bulletins (Level 200)

Wednesday, November 10, 2010 10:00 A.M.-11:30 A.M. Pacific Time

TechNet Webcast: Using the Microsoft Security Intelligence Report v9 (Level 200)

Monday, November 01, 2010 10:00-11:00 A.M. Pacific Time

On-Demand Security Webcasts

http://www.microsoft.com/events/security/ondemand.mspx

Visit TechNet Spotlight

www.microsoft.com/technetspotlight

Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more

A.O.B