Coordinated Vulnerability Disclosure http://www.microsoft.com/security/msrc/report/disclosure.aspx Supporting the belief that vulnerability disclosure is a shared responsibility best practiced in strong coordination between finders, vendors, and protection providers, Microsoft and other software vendors have adopted the principle of Coordinated Vulnerability Disclosure (CVD). Read an overview of the practices involved or watch an informative video to learn how Microsoft communicates about vulnerabilities with industry peers, customers, and the research community.
Now on Demand: Sessions from Tech.Ed North America 2011 http://northamerica.msteched.com/?CR_CC=200040723&fbid=Mi4EcyTWefZ Check out the session recordings and hands-on-labs now available on demand. Join myTech.Ed and explore the future of client security, trends in identity management, and much more.
Rediscover Security Guidance from Microsoft Solution Accelerators http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5534bee1-3cad-4bf0-b92b-a8e545573a3e&displaylang=en Ever wonder what happened to the security guides from Solution Accelerators? They haven't disappeared, they have simply been repackaged. The previously standalone, product-specific security guides are now part of the Microsoft Security Compliance Manager (SCM) tool. Simply download the tool, import the product baselines you need, and select the Documents tab within each baseline to access trusted security guidance for Windows 7, Windows Server 2008 R2, and other Microsoft products and technologies.
Microsoft Security Bulletin Summary for May, 2011
Security Bulletin Overview for May 2011
Microsoft Security Response Center (MSRC) Blog Post http://go.microsoft.com/?linkid=9683067
Windows Media Video (WMV) http://go.microsoft.com/?linkid=9683068
Windows Media Audio (WMA) http://go.microsoft.com/?linkid=9683069
iPod Video (MP4) http://go.microsoft.com/?linkid=9683070
MP3 Audio http://go.microsoft.com/?linkid=9683071
High Quality WMV (2.5 Mbps) http://go.microsoft.com/?linkid=9683072
Zune Video (WMV) http://go.microsoft.com/?linkid=9683073
Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Lifecycle Web site http://go.microsoft.com/?linkid=9669804
See a List of Supported Service Packs http://go.microsoft.com/?linkid=9669805
Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.
Follow the Microsoft Security Response team on Twitter http://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape.
Forefront TMG and ISA Server
Microsoft Forefront TMG 2010 (Standard Edition and Enterprise Edition) has passed Common Criteria Evaluation Assurance Level 4+ (EAL 4+).
The certification work has been performed by the Federal Office for Information Security (BSI), the Common Criteria certification body of the German government and TÜViT Evaluation Body for IT security which evaluates products worldwide according to the ITSEC and the Common Criteria (CC).
Forefront Security TechCenter
Please note that if you have feedback on documentation or wish to request new documents - email firstname.lastname@example.org
Forefront Threat Management Gateway 2010 homepage
Forefront TMG (ISA Server) Product Team Blog
The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:
Microsoft Forefront TMG 2010 (Standard Edition and Enterprise Edition) has passed Common Criteria Evaluation Assurance Level 4+ (EAL 4+)
Exchange Content Filter settings are ignored
Publishing SharePoint mobile for Windows Phone 7
Forefront Unified Access Gateway & Intelligent Application Gateway 2007
Forefront Unified Access Gateway 2010 Technical Resources
For comments, feedback, and requests, contact the Forefront UAG User Assistance team at email@example.com.
Forefront Unified Access Gateway Product Team Blog
The UAG Product Team Blog (http://blogs.technet.com/edgeaccessblog) is updated on a regular basis. Latest entries include:
Firewall settings could not be configured?
AppWrap and SRA
Regular Expression syntax to exclude values from a wildcard expression
Forefront Edge on the Wiki
The home of community-generated content about Microsoft technologies — that anyone can edit! Read the latest wiki articles about TMG and UAG.
TMG - http://social.technet.microsoft.com/wiki/contents/articles/tags/tmg/default.aspx
UAG - http://social.technet.microsoft.com/wiki/contents/articles/tags/UAG/default.aspx
BitLocker Drive Encryption Deployment Guide for Windows 7 http://technet.microsoft.com/en-gb/library/dd875547(WS.10).aspx?ITPID=secnews Learn how to deploy BitLocker on computers running Windows 7 Enterprise or Windows 7 Ultimate, explore best practices, and get information on how to audit for compliance.
AppLocker Policies Deployment Guide http://technet.microsoft.com/en-gb/library/ee791890(WS.10).aspx?ITPID=secnews Get step-by-step guidance to help you design and plan for the deployment of application control policies using AppLocker. Learn how to create application control policies, test and adjust the policies, and implement a method for maintaining those policies as the needs in your organisation change.
App-V with AppLocker Executable Rules http://technet.microsoft.com/en-GB/windows/ee532032.aspx?ITPID=secnews This video demonstrates how you can create AppLocker executable policies for virtual applications. You'll also learn how Microsoft Application Virtualization (App-V) separates the application from the operating system to prevent application conflicts and enable the ability to run multiple versions of an application of the same desktop.
App-V with AppLocker Windows Installer Rules http://technet.microsoft.com/en-GB/windows/ee532036.aspx Learn how you can create an AppLocker Windows Installer policy for virtual applications. In this video, you will see how you can use App-V and AppLocker together to help ensure that an application will respect the policies you define, regardless of how the application is delivered or what format it takes (physical or virtual).
Group Policy for Beginners http://technet.microsoft.com/en-gb/library/hh147307(WS.10).aspx?ITPID=secnews New to using Group Policy to control computer configurations? Discover what you can do with Group Policy and get step-by-step instructions, with plenty of screenshots, for the most common Group Policy tasks you can use to control your Windows 7 desktops. For more complex configuration guidance, read the Group Policy Planning and Deployment Guide.
Strong Authentication with One-Time Passwords in Windows 7 and Windows Server 2008 R2 http://technet.microsoft.com/en-gb/library/gg637807(WS.10).aspx?ITPID=secnews Explore a certificate-based approach to implementing a one-time password (OTP) authentication solution for computers running the Windows 7 or Windows Server 2008 R2 operating systems. The approach can be used to require two-factor authentication with remote access technologies such as DirectAccess.
Windows Smart Card Technical Reference http://technet.microsoft.com/en-gb/library/ff404297(WS.10).aspx?ITPID=secnews Familiarise yourself with the Windows smart card infrastructure and learn how smart card–related components work in Windows. This guide also contains information about tools that information technology (IT) developers and administrators can use to troubleshoot, debug, and deploy smart card–based strong authentication in the enterprise.
Using Microsoft SCM to Simplify Security and Compliance for Your Windows 7 Environment http://technet.microsoft.com/en-GB/edge/gg549956.aspx Learn how you can use Microsoft Security Compliance Manager to strengthen your Windows 7 environment with security settings customised for your organisation. The video will walk you through the process of preparing a customised Windows 7 security baseline for deployment, and show you how SCM can help you simplify security and compliance for the most widely used Microsoft technologies.
Templates for SDL Practices
The templates for Security Development Lifecycle (SDL) practices are a collection of documents that are designed to be used as a starting point for creating your own SDL process documents.
Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2536411)
This update provides the Junk E-mail Filter in Microsoft Office Outlook 2003 with a more current definition of which e-mail messages should be considered junk e-mail.
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2536413)
This update provides the Junk E-mail Filter in Microsoft Office Outlook 2007 with a more current definition of which e-mail messages should be considered junk e-mail.
Internet Explorer 8 Desktop Security Guide
The Internet Explorer 8 Security Guide provides instructions and recommendations to help strengthen the security of desktop and laptop computers running Windows® Internet Explorer® 8.
Microsoft Forefront Endpoint Protection 2012 Privacy Statement
Microsoft Forefront Endpoint Protection 2012 Privacy Statement
Microsoft AutoUpdate for Mac 2.3.2 Update
This update to Microsoft AutoUpdate for Mac is part of Microsoft's continued effort to provide the latest product updates to customers.
Microsoft Error Reporting for Mac 2.2.6 Update
This update to Microsoft Error Reporting for Mac is part of Microsoft's continued effort to improve software reliability by collecting information when an application experiences a serious error.
Microsoft Security Intelligence Report volume 10 (July - December 2010)
This is the tenth volume of the Microsoft Security Intelligence Report
Risk and Health Assessment Program for Configuration Manager (CMRAP) - Scoping Tool v1.1.3
This download package is intended for Microsoft Premier Customers Only. This package includes all of the scoping tools necessary to prepare and qualify your environment to receive a Risk and Health Assessment Program for Configuration Manager (CMRAP).
Microsoft IT Uses File Classification Infrastructure to Help Secure Personally Identifiable Information
Learn how Microsoft Information Technology (IT) used File Classification Infrastructure (FCI) to create a solution to automatically classify, manage, and protect sensitive data, including personally identifiable information and financial information. Using the new FCI-based solution, Microsoft IT can obtain file-level details about content sensitivity while reducing misclassification of personally
Update for Windows Mail Junk E-mail Filter [May 2011] (KB905866)
Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.
Risk and Health Assessment Program for Exchange Server (ExRAP) – Scoping Tool v1.5
This download package is intended for Microsoft Premier Customers Only. This package includes all of the scoping tools necessary to prepare and qualify your environment to receive a Risk and Health Assessment Program for Exchange Server (ExRAP).
Update for Windows 7 (KB2534366)
Install this update to resolve issues in Windows.
Update for Windows 7 for x64-based Systems (KB2519946)
Update for Windows 7 (KB2519946)
Update for Windows Server 2008 R2 x64 Edition (KB2533552)
Install this update to enable future updates to install successfully on all editions of Windows 7 or Windows Server 2008 R2.
Update for Windows 7 for x64-based Systems (KB2529073)
Update for Windows Server 2008 R2 x64 Edition (KB2519946)
Update for Windows 7 (KB2533552)
Update for Windows Server 2008 R2 for Itanium-based Systems (KB2533552)
Update for Windows Server 2008 R2 for Itanium-based Systems (KB2529073)
Update for Windows 7 for x64-based Systems (KB2533552)
Update for Windows Server 2008 R2 x64 Edition (KB2534366)
Update for Windows 7 for x64-based Systems (KB2534366)
Update for Windows Server 2008 R2 x64 Edition (KB2529073)
Update for Windows 7 (KB2529073)
Elevation of Privilege (EoP) Threat Modeling Card Game
Elevation of Privilege (EoP) is the easy way to get started threat modeling. It is a card game that developers, architects or security experts can play.
Enhanced Mitigation Experience Toolkit v2.1
A toolkit for deploying and configuring security mitigation technologies
Microsoft Malware Protection Center Threat Report - Qakbot
Information Rights Management in Office for Mac 2011 Deployment Guide
The Information Rights Management in Office for Mac 2011 deployment guide is for IT managers, system administrators, or other people who are responsible for testing IRM implementation in Office for Mac.
Achieving Immutability with Exchange Online and Exchange Server 2010
With Exchange Server 2010 SP1 and Exchange Online, Microsoft enables organizations to immutably preserve mailbox items for discovery using an in-place archive.
Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910
Find security webcasts listed in an easy-to-use calendar format.
Upcoming Security Webcasts
Register for the following Webcasts on the link above
TechNet Webcast: Information About Microsoft June Security Bulletins (Level 200)
Wednesday, June 15, 2011 11:00 A.M.-12:00 P.M. Pacific Time
Windows Embedded Webcast: Connecting Medical Devices in the Age of Telehealth
Wednesday, June 29, 2011 8:30 A.M.-9:30 A.M. Pacific Time
Visit TechNet Spotlight: www.microsoft.com/technetspotlight
Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more
Check out the latest MVPS Hosts @ www.mvps.org/winhelp2002