News
Consumerization of IT and Sophistication of Attacks When employees take their laptops home, do they pose a risk to your network when they bring them back? What kinds of exploits should you watch out for? In this webcast, you can explore how cybercriminals use marketing-like tactics to lure their victims, learn about the potential impact to your organization, and get guidance on how to stay protected.
http://technet.microsoft.com/en-us/edge/consumerization-of-it-and-sophistication-of-attacks.aspx
Social Engineering Threat Trends in 2010 Interested in learning how social networking has affected the way cybercriminals work? According to Microsoft's Security Intelligence Report, Volume 10, social networking has become one of the most common ways attackers lure their victims. Watch this short video to learn more about the emerging social engineering threats and get guidance on how you can protect yourself.
http://www.youtube.com/watch?v=ZbgLZSP7Nbk
Rogue Security Software: "Scamming for Money" Rogue security software, sometimes referred to as scareware, is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions. In 2010, Microsoft cleaned almost 19 million infected systems with rogue security software. This video discusses the latest Rogue Security Software findings from the Microsoft Security Intelligence Report Volume 10 and provides recommendations to help you prevent rogues.
http://www.microsoft.com/security/sir/videos/default.aspx#!video_1_3
Microsoft Security Bulletin Summary for June, 2011
http://www.microsoft.com/technet/security/bulletin/ms11-jun.mspx
Security Bulletin Overview for June 2011
Microsoft Security Response Center (MSRC) Blog Post http://go.microsoft.com/?linkid=9683067
Windows Media Video (WMV) http://go.microsoft.com/?linkid=9683068
Windows Media Audio (WMA) http://go.microsoft.com/?linkid=9683069
iPod Video (MP4) http://go.microsoft.com/?linkid=9683070
MP3 Audio http://go.microsoft.com/?linkid=9683071
High Quality WMV (2.5 Mbps) http://go.microsoft.com/?linkid=9683072
Zune Video (WMV) http://go.microsoft.com/?linkid=9683073
Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Lifecycle Web site http://go.microsoft.com/?linkid=9669804
See a List of Supported Service Packs http://go.microsoft.com/?linkid=9669805
Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.
Follow the Microsoft Security Response team on Twitter http://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape.
Documents
Security Tip of the Month: Prioritizing Microsoft Security Update Deployment Using Severity Ratings and the Updated Exploitability Index Microsoft has established a predictable process for releasing security updates on the second Tuesday of each month. Each security update carries two pieces of information that help with the prioritization process: the severity rating and the Exploitability Index. Explore each of these items in detail and learn how, taken separately, each gives an indication of the risk of a vulnerability being exploited while, taken together, both can add a new dimension of information that can help with prioritization decisions.
Microsoft Security Update Guide, Second Edition Get in-depth information and tools that can help you protect your IT infrastructure while creating a safer, more secure computing and Internet environment. This guide is designed to help you better understand and maximize Microsoft security update release information, processes, communications, and tools.
How to Remove the Trojan Win32/FakePav Watch a short demonstration of how Win32/FakePav infects an unprotected computer, and find out how to remove the trojan.
Behind the Curtain of Second Tuesdays: Challenges in Software Security Response This presentation discloses some of the challenges seen by the MSRC in addressing modern vulnerabilities. As SDL weeded out the simple buffer overflow, vulnerabilities have become more complex in nature and thus more challenging to address. The goal is to provide insight into Microsoft's techniques and processes in responding to these challenges and to provide lessons learned to other organizations in similar situations.
Microsoft Security Compliance Manager Download this free tool offering centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization's ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.
Security Compliance as an Engineering Discipline As a result of requirements like the Payment Card Industry Data Security Standard (PCI-DSS), some organizations are building comprehensive application security programs for the first time. Learn how to harmonize compliance-focused programs with security engineering by integrating secure engineering practices into the entire software lifecycle with the Microsoft Security Development Lifecycle (SDL).
Downloads
Microsoft Security Development Lifecycle (SDL) - Version 5.1
Microsoft Security Development Lifecycle (SDL) Process Guidance - Version 5.1
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e5ff2f9d-7e72-485a-9ec0-5d6d076a8807
June 2011 Security Release ISO Image
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on June 14, 2011. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time.
Important: Be sure to check the individual security bulletins at http://www.microsoft.com/technet/ security prior to deployment of these updates to ensure that the files have not been updated at a later date.
This DVD5 image contains the following updates:
KB2544893 / (MS11-037)
Windows XP
Windows XP x64 Edition
Windows Server 2003
Windows Server 2003 x64 Edition
Windows Server 2003 for Itanium-based Systems
Windows Vista
Windows Vista for x64-based Systems
Windows Server 2008
Windows Server 2008 x64 Edition
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 R2 x64 Edition
Windows Server 2008 R2 for Itanium-based Systems
Windows 7
Windows 7 for x64-based Systems
Windows Embedded Standard 7
Windows Embedded Standard 7 for x64-based Systems
KB2476490 / (MS11-038)
KB2478656 / (MS11-039)
KB2478657 / (MS11-039)
KB2478658 / (MS11-039)
KB2478659 / (MS11-039)
KB2478660 / (MS11-039)
KB2478661 / (MS11-039)
KB2478662 / (MS11-039)
KB2478663 / (MS11-039)
KB2525694 / (MS11-041)
KB2535512 / (MS11-042)
KB2536276 / (MS11-043)
KB2518863 / (MS11-044)
KB2518865 / (MS11-044)
KB2518866 / (MS11-044)
KB2518867 / (MS11-044)
KB2518869 / (MS11-044)
KB2503665 / (MS11-046)
KB2525835 / (MS11-047)
KB2536275 / (MS11-048)
KB2530548 / (MS11-050)
KB2518295 / (MS11-051)
KB2544521 / (MS11-052)
http://www.microsoft.com/download/en/details.aspx?id=26329
Events/WebCasts
Security Webcast Calendar
http://go.microsoft.com/fwlink/?LinkId=37910
Find security webcasts listed in an easy-to-use calendar format.
Upcoming Security Webcasts
http://www.microsoft.com/events/security/upcoming.mspx
Register for the following Webcasts on the link above
TechNet Webcast: Information about Microsoft Security Bulletins for July (Level 200)
Wednesday, July 13, 2011 11:00 A.M.-12:00 P.M. Pacific Time