News


Coordinated Vulnerability Disclosure http://www.microsoft.com/security/msrc/report/disclosure.aspx
Supporting the belief that vulnerability disclosure is a shared responsibility best practiced in strong coordination between finders, vendors, and protection providers, Microsoft and other software vendors have adopted the principle of Coordinated Vulnerability Disclosure (CVD). Read an overview of the practices involved or watch an informative video to learn how Microsoft communicates about vulnerabilities with industry peers, customers, and the research community.


Now on Demand: Sessions from Tech.Ed North America 2011 http://northamerica.msteched.com/?CR_CC=200040723&fbid=Mi4EcyTWefZ
Check out the session recordings and hands-on-labs now available on demand. Join myTech.Ed and explore the future of client security, trends in identity management, and much more.


Rediscover Security Guidance from Microsoft Solution Accelerators http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5534bee1-3cad-4bf0-b92b-a8e545573a3e&displaylang=en
Ever wonder what happened to the security guides from Solution Accelerators? They haven't disappeared, they have simply been repackaged. The previously standalone, product-specific security guides are now part of the Microsoft Security Compliance Manager (SCM) tool. Simply download the tool, import the product baselines you need, and select the Documents tab within each baseline to access trusted security guidance for Windows 7, Windows Server 2008 R2, and other Microsoft products and technologies.

Microsoft Security Bulletin Summary for May, 2011

http://www.microsoft.com/technet/security/bulletin/ms11-May.mspx

Security Bulletin Overview for May 2011

Microsoft Security Response Center (MSRC) Blog Post http://go.microsoft.com/?linkid=9683067

Windows Media Video (WMV) http://go.microsoft.com/?linkid=9683068

Windows Media Audio (WMA) http://go.microsoft.com/?linkid=9683069

iPod Video (MP4) http://go.microsoft.com/?linkid=9683070

MP3 Audio http://go.microsoft.com/?linkid=9683071

High Quality WMV (2.5 Mbps) http://go.microsoft.com/?linkid=9683072

Zune Video (WMV) http://go.microsoft.com/?linkid=9683073

Microsoft Product Lifecycle Information

Find information about your particular products on the Microsoft Product Lifecycle Web site http://go.microsoft.com/?linkid=9669804

See a List of Supported Service Packs http://go.microsoft.com/?linkid=9669805

Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Follow the Microsoft Security Response team on Twitter http://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape.

Forefront TMG and ISA Server

News

Microsoft Forefront TMG 2010 (Standard Edition and Enterprise Edition) has passed Common Criteria Evaluation Assurance Level 4+ (EAL 4+).

The certification work has been performed by the Federal Office for Information Security (BSI), the Common Criteria certification body of the German government and TÜViT Evaluation Body for IT security which evaluates products worldwide according to the ITSEC and the Common Criteria (CC).

http://www.microsoft.com/forefront/edgesecurity/isaserver/en/us/common-criteria.aspx

 

Forefront Security TechCenter

http://technet.microsoft.com/en-gb/forefront/default.aspx

Please note that if you have feedback on documentation or wish to request new documents - email isadocs@microsoft.com

 

Forefront Threat Management Gateway 2010 homepage

http://technet.microsoft.com/en-gb/forefront/ee807302.aspx

 

Forefront TMG (ISA Server) Product Team Blog

The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:

Microsoft Forefront TMG 2010 (Standard Edition and Enterprise Edition) has passed Common Criteria Evaluation Assurance Level 4+ (EAL 4+)

http://blogs.technet.com/b/isablog/archive/2011/05/11/microsoft-forefront-tmg-2010-standard-edition-and-enterprise-edition-has-passed-common-criteria-evaluation-assurance-level-4-eal-4.aspx

 

Exchange Content Filter settings are ignored

http://blogs.technet.com/b/isablog/archive/2011/05/19/exchange-content-filter-settings-are-ignored.aspx

 

Publishing SharePoint mobile for Windows Phone 7

http://blogs.technet.com/b/isablog/archive/2011/05/30/publishing-sharepoint-mobile-for-windows-phone-7.aspx

 

 

Forefront Unified Access Gateway & Intelligent Application Gateway 2007

Forefront Unified Access Gateway 2010 Technical Resources

http://technet.microsoft.com/en-gb/forefront/edgesecurity/ee907407.aspx

For comments, feedback, and requests, contact the Forefront UAG User Assistance team at uagdocs@microsoft.com.

Forefront Unified Access Gateway Product Team Blog

The UAG Product Team Blog (http://blogs.technet.com/edgeaccessblog) is updated on a regular basis. Latest entries include:

Firewall settings could not be configured?

http://blogs.technet.com/b/edgeaccessblog/archive/2011/05/04/firewall-settings-could-not-be-configured.aspx

 

AppWrap and SRA

http://blogs.technet.com/b/edgeaccessblog/archive/2011/05/12/appwrap-and-sra.aspx

 

Regular Expression syntax to exclude values from a wildcard expression

http://blogs.technet.com/b/edgeaccessblog/archive/2011/05/20/regular-expression-syntax-to-exclude-values-from-a-wildcard-expression.aspx

 

 

Forefront Edge on the Wiki

The home of community-generated content about Microsoft technologies — that anyone can edit! Read the latest wiki articles about TMG and UAG.

TMG - http://social.technet.microsoft.com/wiki/contents/articles/tags/tmg/default.aspx

UAG - http://social.technet.microsoft.com/wiki/contents/articles/tags/UAG/default.aspx

 

Documents


BitLocker Drive Encryption Deployment Guide for Windows 7 http://technet.microsoft.com/en-gb/library/dd875547(WS.10).aspx?ITPID=secnews
Learn how to deploy BitLocker on computers running Windows 7 Enterprise or Windows 7 Ultimate, explore best practices, and get information on how to audit for compliance.

AppLocker Policies Deployment Guide http://technet.microsoft.com/en-gb/library/ee791890(WS.10).aspx?ITPID=secnews
Get step-by-step guidance to help you design and plan for the deployment of application control policies using AppLocker. Learn how to create application control policies, test and adjust the policies, and implement a method for maintaining those policies as the needs in your organisation change.

App-V with AppLocker Executable Rules http://technet.microsoft.com/en-GB/windows/ee532032.aspx?ITPID=secnews
This video demonstrates how you can create AppLocker executable policies for virtual applications. You'll also learn how Microsoft Application Virtualization (App-V) separates the application from the operating system to prevent application conflicts and enable the ability to run multiple versions of an application of the same desktop.

App-V with AppLocker Windows Installer Rules http://technet.microsoft.com/en-GB/windows/ee532036.aspx
Learn how you can create an AppLocker Windows Installer policy for virtual applications. In this video, you will see how you can use App-V and AppLocker together to help ensure that an application will respect the policies you define, regardless of how the application is delivered or what format it takes (physical or virtual).

Group Policy for Beginners http://technet.microsoft.com/en-gb/library/hh147307(WS.10).aspx?ITPID=secnews
New to using Group Policy to control computer configurations? Discover what you can do with Group Policy and get step-by-step instructions, with plenty of screenshots, for the most common Group Policy tasks you can use to control your Windows 7 desktops. For more complex configuration guidance, read the Group Policy Planning and Deployment Guide.

Strong Authentication with One-Time Passwords in Windows 7 and Windows Server 2008 R2  http://technet.microsoft.com/en-gb/library/gg637807(WS.10).aspx?ITPID=secnews
Explore a certificate-based approach to implementing a one-time password (OTP) authentication solution for computers running the Windows 7 or Windows Server 2008 R2 operating systems. The approach can be used to require two-factor authentication with remote access technologies such as DirectAccess.

Windows Smart Card Technical Reference http://technet.microsoft.com/en-gb/library/ff404297(WS.10).aspx?ITPID=secnews
Familiarise yourself with the Windows smart card infrastructure and learn how smart card–related components work in Windows. This guide also contains information about tools that information technology (IT) developers and administrators can use to troubleshoot, debug, and deploy smart card–based strong authentication in the enterprise.

Using Microsoft SCM to Simplify Security and Compliance for Your Windows 7 Environment http://technet.microsoft.com/en-GB/edge/gg549956.aspx
Learn how you can use Microsoft Security Compliance Manager to strengthen your Windows 7 environment with security settings customised for your organisation. The video will walk you through the process of preparing a customised Windows 7 security baseline for deployment, and show you how SCM can help you simplify security and compliance for the most widely used Microsoft technologies.

Downloads

Templates for SDL Practices

The templates for Security Development Lifecycle (SDL) practices are a collection of documents that are designed to be used as a starting point for creating your own SDL process documents.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ff622bc0-db08-4cff-bd8b-fec2ed02c286

 

Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=585d2bde-367f-495e-94e7-6349f4effc74

 

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356

Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2536411)

This update provides the Junk E-mail Filter in Microsoft Office Outlook 2003 with a more current definition of which e-mail messages should be considered junk e-mail.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ddd8a9da-f91b-42d3-b930-8aec835a2810

 

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2536413)

This update provides the Junk E-mail Filter in Microsoft Office Outlook 2007 with a more current definition of which e-mail messages should be considered junk e-mail.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2e76c7e7-6264-408f-95c4-de6d63376e8c

 

Internet Explorer 8 Desktop Security Guide

The Internet Explorer 8 Security Guide provides instructions and recommendations to help strengthen the security of desktop and laptop computers running Windows® Internet Explorer® 8.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=44405777-51b4-4376-9cef-f0341b13fcde

 

Microsoft Forefront Endpoint Protection 2012 Privacy Statement

Microsoft Forefront Endpoint Protection 2012 Privacy Statement

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e72065f9-c08d-4c50-b785-b98416b530e3

Microsoft AutoUpdate for Mac 2.3.2 Update

This update to Microsoft AutoUpdate for Mac is part of Microsoft's continued effort to provide the latest product updates to customers.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=79307696-d0f7-419b-ae22-ae339bbe2a92

 

Microsoft Error Reporting for Mac 2.2.6 Update

This update to Microsoft Error Reporting for Mac is part of Microsoft's continued effort to improve software reliability by collecting information when an application experiences a serious error.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8b9de7d0-5fda-43a6-955b-f02779d95617

 

Microsoft Security Intelligence Report volume 10 (July - December 2010)

This is the tenth volume of the Microsoft Security Intelligence Report

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=821e0433-5b9d-422d-8d78-ab641ee6e132

 

Risk and Health Assessment Program for Configuration Manager (CMRAP) - Scoping Tool v1.1.3

This download package is intended for Microsoft Premier Customers Only. This package includes all of the scoping tools necessary to prepare and qualify your environment to receive a Risk and Health Assessment Program for Configuration Manager (CMRAP).

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=bb0ce933-68eb-44b4-a569-19e9e274489f

 

Microsoft IT Uses File Classification Infrastructure to Help Secure Personally Identifiable Information

Learn how Microsoft Information Technology (IT) used File Classification Infrastructure (FCI) to create a solution to automatically classify, manage, and protect sensitive data, including personally identifiable information and financial information. Using the new FCI-based solution, Microsoft IT can obtain file-level details about content sensitivity while reducing misclassification of personally

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=bee97542-c6c6-45b9-88c4-3abfdbb92e38

 

Update for Windows Mail Junk E-mail Filter [May 2011] (KB905866)

Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=aa029fde-f341-44fc-8b85-0c6f3d3c2d69

 

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356

 

Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=585d2bde-367f-495e-94e7-6349f4effc74

 

Risk and Health Assessment Program for Exchange Server (ExRAP) – Scoping Tool v1.5

This download package is intended for Microsoft Premier Customers Only. This package includes all of the scoping tools necessary to prepare and qualify your environment to receive a Risk and Health Assessment Program for Exchange Server (ExRAP).

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=23457155-7c8b-4355-8a57-d2c2a4d1da57

 

Update for Windows 7 (KB2534366)

Install this update to resolve issues in Windows.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ab1ce1e8-d50b-4971-b888-dfea9d571de4

 

Update for Windows 7 for x64-based Systems (KB2519946)

Install this update to resolve issues in Windows.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ed08f159-0ed8-4e2f-84cd-d82f405dd52e

 

Update for Windows 7 (KB2519946)

Install this update to resolve issues in Windows.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=6899e950-3322-4486-82a6-f384e9f51f7d

 

Update for Windows Server 2008 R2 x64 Edition (KB2533552)

Install this update to enable future updates to install successfully on all editions of Windows 7 or Windows Server 2008 R2.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1de747cb-dee1-4826-a8ff-6491d2445f00

 

Update for Windows 7 for x64-based Systems (KB2529073)

Install this update to resolve issues in Windows.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=3de148ce-5acb-4edd-8e9a-d1bb903e9823

 

Update for Windows Server 2008 R2 x64 Edition (KB2519946)

Install this update to resolve issues in Windows.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=430593fc-8d8b-4bd8-b0b0-d2bf5b3feae8

 

Update for Windows 7 (KB2533552)

Install this update to enable future updates to install successfully on all editions of Windows 7 or Windows Server 2008 R2.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7e652f51-23b2-4d62-adbe-b7a3153b42c3

 

Update for Windows Server 2008 R2 for Itanium-based Systems (KB2533552)

Install this update to enable future updates to install successfully on all editions of Windows 7 or Windows Server 2008 R2.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=35e88f5d-d2a7-4a66-878c-856fdc6f7f9e

 

Update for Windows Server 2008 R2 for Itanium-based Systems (KB2529073)

Install this update to resolve issues in Windows.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=3c3cc550-cd1b-485d-b770-e729c94b52cb

 

Update for Windows 7 for x64-based Systems (KB2533552)

Install this update to enable future updates to install successfully on all editions of Windows 7 or Windows Server 2008 R2.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=93a942c1-fc43-44cf-bc5b-5cc1874b3cc3

 

Update for Windows Server 2008 R2 x64 Edition (KB2534366)

Install this update to resolve issues in Windows.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1e10e28f-ffb3-4633-802f-497b4f7cf40e

 

Update for Windows 7 for x64-based Systems (KB2534366)

Install this update to resolve issues in Windows.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9a934297-16f6-402a-916b-d8f23b0790a6

 

Update for Windows Server 2008 R2 x64 Edition (KB2529073)

Install this update to resolve issues in Windows.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=202b5e2e-ac91-42a6-95ba-621e4da8ee4c

 

Update for Windows 7 (KB2529073)

Install this update to resolve issues in Windows.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=dcb38375-9976-4df4-af20-0c4f259f0ed1

Elevation of Privilege (EoP) Threat Modeling Card Game

Elevation of Privilege (EoP) is the easy way to get started threat modeling. It is a card game that developers, architects or security experts can play.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=a069cd10-0b60-4a66-88d3-ccc90661c621

Enhanced Mitigation Experience Toolkit v2.1

A toolkit for deploying and configuring security mitigation technologies

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e127dfaf-f8f3-4cd5-8b08-115192c491cb

Microsoft Malware Protection Center Threat Report - Qakbot  

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=83835164-879e-4f1f-9fc2-8d95993d3d6e

 

Information Rights Management in Office for Mac 2011 Deployment Guide

The Information Rights Management in Office for Mac 2011 deployment guide is for IT managers, system administrators, or other people who are responsible for testing IRM implementation in Office for Mac.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=598cb9d3-2fdc-45e4-89f6-d2685a47c34c

 

Microsoft IT Uses File Classification Infrastructure to Help Secure Personally Identifiable Information

Learn how Microsoft Information Technology (IT) used File Classification Infrastructure (FCI) to create a solution to automatically classify, manage, and protect sensitive data, including personally identifiable information and financial information. Using the new FCI-based solution, Microsoft IT can obtain file-level details about content sensitivity while reducing misclassification of personally

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=bee97542-c6c6-45b9-88c4-3abfdbb92e38

 

Achieving Immutability with Exchange Online and Exchange Server 2010

With Exchange Server 2010 SP1 and Exchange Online, Microsoft enables organizations to immutably preserve mailbox items for discovery using an in-place archive.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ada4bc4c-714b-4d45-9194-7ede5ed48251

Events/WebCasts

Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910

Find security webcasts listed in an easy-to-use calendar format.

Upcoming Security Webcasts

http://www.microsoft.com/events/security/upcoming.mspx

Register for the following Webcasts on the link above

TechNet Webcast: Information About Microsoft June Security Bulletins (Level 200)

Wednesday, June 15, 2011 11:00 A.M.-12:00 P.M. Pacific Time

Windows Embedded Webcast: Connecting Medical Devices in the Age of Telehealth

Wednesday, June 29, 2011 8:30 A.M.-9:30 A.M. Pacific Time

On-Demand Security Webcasts

http://www.microsoft.com/events/security/ondemand.mspx

Visit TechNet Spotlight: www.microsoft.com/technetspotlight

Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more

A.O.B

Check out the latest MVPS Hosts @ www.mvps.org/winhelp2002