Yesterday's patches included a vulnerability in the Microsoft Malware Protection Engine, which is used by Forefront Client Security, Forefront Security for Exchange Server, and Forefront Security for SharePoint.  We recommend our customers immediately ensure that they have the latest Microsoft Malware Protection Engine update. The affected software provides built-in mechanisms for the automatic detection and deployment of this update.

More details on Technet:

This security update resolves two privately reported vulnerabilities in the Microsoft Malware Protection Engine. An attacker could exploit either of the vulnerabilities by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited either vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.

The Microsoft Malware Protection Engine is a part of several Microsoft products. Depending upon which product is installed, this security update has different severity ratings. This security update is rated Moderate for Windows Live OneCare, Microsoft Antigen for Exchange, Microsoft Antigen for SMTP Gateway, Microsoft Windows Defender, Microsoft Forefront Client Security, Microsoft Forefront Security for Exchange Server and Microsoft Forefront Security for SharePoint. This security update is rated Low for Standalone System Sweeper located in Diagnostics and Recovery Toolset 6. For more information, see the subsection, Affected and Non-Affected Software, in this section.  The security update addresses the vulnerability by modifying the way that the Malware Protection Engine processes files. For more information about this vulnerability, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.

From the popular Gadgetell website:

Microsoft Forefront brings some humor to security

by JG Mason on May 6, 2008 at 01:53 AM

If you like the color orange and like to see IT geeks beating up on zombies, secret agents, ninjas and aliens, head on over the Forefront site.  There you’ll find a free public beta download of the integrated security software that was released quietly last month.

Code-named “Stirling”, this public beta secures clients, server and networks.  “Our goal with Stirling is an integrated client, server and network edge, all managed through a simple intuitive console,” said Ryan Hamlin, GM of Microsoft’s Access and Security Division.

Microsoft touts the beta as comprehensive, integrated and simplified.  The site works hard to demonstrate “normal” IT employees defending their systems.  Kinda cute and clever; with funky music to boot.

Microsoft expect the full bells and whisltes version to be released in the first half of next year.

LAS VEGAS, Nevada.  - April 29, 2008 --  At the Interop conference today, Microsoft announced its next-generation secure remote access gateway product, Forefront Unified Access Gateway (UAG), available in the first half of 2009. Forefront Unified Access Gateway is the evolution of Microsoft's current solution, Intelligent Application Gateway (IAG 2007), and moves the successful product under the Forefront brand.  UAG will bring new features and functionality to make remote access easier than ever for all users and IT professionals.          
In addition to investing strongly in its next-generation solutions, Microsoft is continuing to provide increased customer value with the products in the market today by launching an updated SharePoint Optimizer, providing enhanced functionality and manageability for secure remote access to SharePoint by all mobile users.

Built on Windows Server 2008, UAG is designed to offer one solution to fit all remote access needs through centralized management and policy control across all users, devices, and network resources.  More details about the features in Forefront UAG will be available with a public beta scheduled for later this calendar year.  Microsoft will provide an easy product and licensing upgrade path from IAG 2007 or customers using ISA 2006 for remote access to Forefront UAG, and IAG customers that have or buy Microsoft Software Assurance can be confident of receiving strong value with Forefront UAG. 

Forefront UAG will add further features to a comprehensive end point security assessment and cache cleanup, which is tailored to the specific application and access environment.  Tightly integrated with Microsoft Network Access Protection, this ensures only secure devices and authenticated users can access network resources and that no data is compromised during or after the sessions.

 Forefront UAG adds more ease of use with wizard driven configuration, easy to use policies and highly intuitive user experience.  This solution ensures a fast and easy deployment allowing employees, partners and vendors simple and secure access, via customized and dynamic user portals.  Ongoing management and control is simplified via updates to application and endpoint policies.

The IAG pioneered the concept of Application Intelligence, or the ability to control what resources are presented to the user, and transparently enforcing policies based on a deep understanding of how an application functions.  Forefront UAG builds on the current competitive differentiation around application intelligence, with broad application support for Microsoft and third party applications, granular access controls, and customizable application protection through Application Optimizers.

Microsoft latest Application Optimizers is an updated SharePoint Optimizer for the IAG 2007, providing enhanced functionality and performance for remote access to SharePoint by all mobile users.  The updated IAG 2007 SharePoint Optimizer leverages SharePoint Alternate Access Mapping (AAM) to provide an easier, more secure and productive user experience when accessing SharePoint remotely.

With this new Optimizer, IAG provides more seamless access to the complete functionality of SharePoint, including Explorer View, Datasheet View, integrating InfoPath forms and access to multiple office documents from multiple server locations, without the overhead and security risks associated with tunneling and application rewriting.

Microsoft's IAG 2007 already provides the easiest to use and manage remote access to SharePoint today, as it is the only complete remote access solution to integrate its user experience into SharePoint, allowing organizations to keep a simple, one-portal, user experience for employees accessing applications internally or externally. The IAG 2007 SharePoint Optimizer will be available for download in May.

Our Microsoft Malware Protection Center (MMPC) has just released the latest Security Intelligence Report for July through December.  The report has a number of interesting findings, but the most eye-popping is a 300 percent increase in Trojans, using our enormous sample size of 450 million computers:

During the second half of 2007 there was a 300% increase in the number of Trojan downloaders and droppers detected and removed. The increase observed in 2H07 is vastly larger than the already large increase observed between 2H06 and 1H07. Clearly this category of malware has become a tool of choice for some attackers. IT Professionals and Security Professionals alike should become familiar with this type of malware so that they can better protect their networks from attacks that leverage it.

We're sure glad we have some of the best anti-malware researchers in the world building our anti-malware engine for Forefront Client Security. 

Danny Popper talks about the new Forefront beta preview

Hey everyone,

My name is Danny Popper, and I’m a Program Manager for Microsoft Forefront Security for Exchange Server.  On Wednesday, Brett (our Product Unit Manager) blogged about our brand new beta release of two Forefront Server Security products – Forefront Security for Exchange Server (FSE) and Forefront Security for SharePoint (FSSP).  Brett talked about our direction both from the broader Forefront division of security products as well as from the perspective of our two products.  I want to build on what Brett said, and I hope that I can fill in some of the details about how we’re going to achieve the visions he outlined.

There's more...

We've just released Forefront Security for SharePoint with Service Pack 2, which now provides support for Windows Server 2008.   Windows Server 2008 is the most secure server operating system yet, offering a strong platform for FSSP. 

In addition to a number of other upgrades and improvements, FSSP SP2 offers installable key word lists for automatically blocking documents containing profanity and discriminatory content in 11 languages -- English, French, German, Italian, Japanese, Korean, Chinese (Simplified), Chinese (Traditional), Brazilian Portuguese, Spanish, and Russian.

Now you can protect your SharePoint installations around the world from corporate potty mouths.   And you can get as granular as you want - from the really nasty down to "damn" - or "damner," "verdammt," "maldita," "maldito," depending on which country you're in.

Check it out here:

• Trial Software
  Download the free Forefront Security for SharePoint trial
  Try a fully functional version of Forefront Security for SharePoint in your own environment.
  Free for 120 days.
  
• Demo
  Learn how Forefront Security for SharePoint helps protect your document libraries from viruses and inappropriate content. Duration: 7 min.
  
•  Virtual Lab
  Test-drive the Virtual Lab online today
  Virtual Labs provide you with a free online evaluation of the product.  Nothing to install.
  Duration:  90 min.

At RSA, the Forefront team announced the public beta of our next-generation Forefront security solution, codenamed "Stirling".

Stirling is an integrated security system that delivers comprehensive, coordinated protection, to make it easier to control, access and manage security across an organization’s IT infrastructure. 

Stirling combines a central management console for security configuration and enterprise-wide visibility with the next-generation Forefront products that span the client, server and network edge. These products include Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint and the next-generation of Microsoft ISA Server – Forefront Threat Management Gateway (TMG).

We will be talking to you more about Stirling in the coming days and weeks, but here are some resources to help you learn more about the integrated solution today.

Demo: Our very own Josue Fontanez demonstrates Stirling.

Get the beta: To download the beta click here.

It’s almost time for the annual RSA security conference in San Francisco.  We will be sending a big team this year, and will have a big Forefront booth presence.  Microsoft has set up a special RSA web site and blog, and Forefront team members will be posting both there next week, along with other security experts across Microsoft. Look for some interesting developments next week from the Forefront team.

If you’re going to RSA,  be sure and stop buy our booth #1517. 

Microsoft Acquires Komoku

Microsoft strengthens anti-malware protection with leading-edge rootkit detection provider.

REDMOND, Wash. — March 20, 2008 — Today Microsoft Corp. announced it has acquired Maryland-based Komoku Inc., a provider of advanced rootkit security detection solutions. Microsoft expects to add Komoku’s functionality into upcoming versions of the Forefront line of enterprise security products and Windows Live OneCare, Microsoft’s all-in-one PC care solution.

“Komoku has been a leader in the area of rootkit detection, doing work for ultra security-conscious customers such as the Department of Homeland Security (DHS) and the Department of Defense (DOD),” said Ryan Hamlin, general manager, Access and Security Division, Server and Tools Business at Microsoft. “Komoku’s cutting-edge expertise and technology will benefit our customers by adding to the robust protection of our anti-malware solutions and help maintain our leading position in anti-malware research and development.”

Founded in 2004, Komoku offers advanced rootkit detection. Rootkits are malicious software programs that are designed to take control of a computer’s operating system at the administrator, or root, level, where they can often hide from detection by standard anti-malware software. Komoku’s customers have included a number of high-security government agencies, including the Defense Advanced Research Projects Agency, the U.S. Navy, the DHS and the DOD.

“I’m excited about the Komoku team joining Microsoft and building on our successes in detecting sophisticated rootkits for customers,” said William A. Arbaugh, president and CTO of Komoku as well as an associate professor of computer science at the University of Maryland at College Park and a renowned expert on rootkits. “Microsoft’s commitment to building the next generation of malware detection is very strong, and we at Komoku look forward to continuing the tremendous progress Microsoft has already made in the anti-malware space and building the anti-malware products that can handle today’s sophisticated threats.”

The Komoku name and product line will eventually be retired as the company winds down its affairs after closing. The majority of Komoku’s staff will join Microsoft in the Access and Security Division. Financial terms of the acquisition were not announced. The deal was completed March 19, 2008.

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

#########

Microsoft Forefront Security for SharePoint (FSSP) continued to gain enterprise momentum at the SharePoint Conference in Seattle this week, as Microsoft announced that FSSP is the overwhelming leader in securing SharePoint, with a market share of over 35 percent. Interest in FSSP is surging as companies look to secure and manage the proliferation of the popular SharePoint servers on corporate networks.    

At the conference, FSSP customers reinforced why they are choosing Forefront to secure their SharePoint environments – comprehensive protection with ease of use for secure collaboration. Suzanne Gordon, CIO at SAS software said, “Our SharePoint servers are mission critical, so we wanted a highly robust, yet easy-to-deploy solution for securing our company and customers’ information. We’ve been very pleased with the performance of Forefront Security for SharePoint, which is both highly effective with its multiple scanning engines, as well as scalable and seamlessly integrated into our intranet and extranet SharePoint collaboration deployments.”

Forefront Security for SharePoint is an on-premise solution that provides comprehensive protection for SharePoint document libraries. Customers, who purchase Forefront Security for SharePoint with SP1 to protect Microsoft Office SharePoint Server 2007 or Microsoft Windows SharePoint Services version 3.0, are also licensed to use Antigen for SharePoint to protect Microsoft SharePoint Portal Server 2003 and Microsoft Windows SharePoint Services 2.0 collaboration environments.

Forefront Security for SharePoint integrates multiple scan engines from industry-leading vendors and content controls to help businesses protect their Microsoft SharePoint collaboration environments. FSSP prevents malware from being spread via SharePoint document libraries – deleting infected documents and providing file and keyword filtering capabilities to block documents containing inappropriate content and confidential information.  The soon to be released Forefront Security for SharePoint Service Pack 2 will provide Windows Server 2008 support and include pre-populated keyword lists in 11 languages, enabling companies to block documents containing profanity and racial and sexual discrimination.

Customers can view an online demonstration, or download a 120-day trial version here.

The Forefront Client Security Service Pack 1 and Forefront Client Security / Windows Server 2008 Network Access Protection (FCS-NAP) integration kit release date is coming up soon. As part of the Windows Server 2008 Launch Event, the integrated solution was demonstrated in Los Angeles today.

A link to the video of the integrated solution demonstration is available here. 

Protecting clients and servers is one of the toughest challenges in IT today. Together, Microsoft Forefront and Windows Server 2008 deliver a next generation, secure server and application platform solution with integrated protection, advanced access control, and simplified management that helps IT professionals maximize control over their security infrastructure.

More information on the FCS-NAP integration kit is available here. http://www.microsoft.com/forefront/ws08support.mspx

We are pleased to announce that two of our world-class Forefront security products were honored by Info Security Products Guide with 2008 Global Product Excellence Awards.  Microsoft Forefront Security for Exchange Server 2007 was honored with the award for "Global Excellence in Email Security Solution", and the Internet Security & Acceleration (ISA) 2006 Server was honored for "Global Excellence in Firewall Solution."     These two awards are both a testament to the hard work of our development teams, and further proof of the excellence of the Forefront line of security products along with the many other award nominations gained by Forefront products in the last year.

 About Info Security Products Guide Awards

Info Security Products Guide, published by Silicon Valley Communications, plays a vital role in keeping end-users informed of the choices they can make when it comes to protecting their digital resources. It is written expressly for those who are adamant on staying informed of security threats and the preventive measure they can take. You will discover a wealth of information in this guide including tomorrow’s technology today, best deployment scenarios, people and technologies shaping info security and independent product evaluations that facilitate in making the most pertinent security decisions. The Info Security Products Guide Awards recognize and honor excellence in all areas of information security. To learn more, visit www.infosecurityproductsguide.com and stay secured.

Nice article in CRN this week about the progress of Microsoft's security products channel business:

Six months after unveiling its Security Solutions competency and a $50 million dollar investment in marketing, sales and training to support its Forefront security product line, Microsoft (NSDQ:MSFT) says the moves are paying dividends.  More than 1,100 partners have joined Security Solutions competency since Microsoft unveiled it last July at its Worldwide Partner Conference, making it the fastest growing of Microsoft's 13 competencies, says Mark Hassall, marketing director for security and access partners at Microsoft.

There's more...