Security Info for the Month of April
News
Building Security into Windows Vista and the Microsoft Culture https://go.microsoft.com/?linkid=8691652
By Michael Howard, Principal Security Program Manager, Microsoft Corporation At the end of the day, you improve security by focusing on security. Explore how -- and, more importantly, why -- the Security Development Lifecycle (SDL) has resulted in a reduction in vulnerabilities across major Microsoft products, including Windows Vista.
Security Tip of the Month: Laying the Foundation for the Microsoft Security Development Lifecycle: Implementing the Principles https://go.microsoft.com/?linkid=8691659
By Jeremy Dallman, Security Program Manager, Microsoft Security Engineering & Communications Learn how to establish a baseline architectural understanding of your application security, one that identifies critical weaknesses and provides enough evidence to support the decision to move forward with a full SDL adoption.
Microsoft Security Development Lifecycle (SDL) - Detailed Process Guidance Now Available! https://go.microsoft.com/?linkid=8691654
As part of its commitment to a more secure and trustworthy computing ecosystem, Microsoft is making the details of the SDL process generally available online for the first time. IT policy makers and software development organizations can leverage this content to enhance and inform their own software security and privacy assurance programs.
News from RSA: Microsoft's Vision for a More Trusted Internet https://go.microsoft.com/?linkid=8691655
Read Microsoft's End to End Trust whitepaper and join an online discussion forum about building a more secure and privacy enhanced Internet.
Try System Center Mobile Device Manager Today https://go.microsoft.com/?linkid=8691656
See firsthand how Microsoft System Center Mobile Device Manager with Windows Mobile 6.1 can help improve mobile device security, simplify management, and lower costs. Download the 120-day Trial Evaluation software.
Forefront Codename "Stirling" Beta Now Available for Download https://go.microsoft.com/?linkid=8691657
Microsoft Forefront codename "Stirling" is an integrated security system that delivers comprehensive, coordinated protection across endpoints, server applications, and the network edge. It provides simplified management and critical visibility that make security easier to manage and control. Register today and you'll automatically receive access to valuable beta resources throughout the evaluation experience.
Evaluate Microsoft Security Products and You Could Win a Windows Home Server https://go.microsoft.com/?linkid=8691658
Download a free trial or take a virtual lab of Forefront Client Security, Forefront Security for Exchange Server or Forefront Security for SharePoint and be entered for a chance to win great prizes. Find out more at Evalu'08 https://go.microsoft.com/?linkid=8562915
Microsoft Security Bulletin Summary for April, 2008
https://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx
Search for previous security bulletins https://go.microsoft.com/?linkid=3992478
Security Bulletin Feed https://go.microsoft.com/?linkid=3992479 RSS https://go.microsoft.com/?linkid=3992480
Documents
Improve Security through Meaningful Security Policies https://go.microsoft.com/?linkid=8775500
This article discusses how policies are designed to control human risk factors, the reasons why policies sometimes fail, and best practices for effective security policies.
The Security Risk Management Guide https://go.microsoft.com/?linkid=8775501
This guide helps you plan, build and maintain a successful security risk management programme. In a four phase technology-agnostic process, the guide explains how to build an ongoing process to measure and drive security risks to an acceptable level.
Lessons Learned from Five Years of Building More Secure Software https://go.microsoft.com/?linkid=8691660
Learn about prioritizing code by age, using analysis tools and automation, looking at threats from multiple angles, and the importance of education.
Eight Simple Rules for Developing More-Secure Code https://go.microsoft.com/?linkid=8691661
This article presents that list of habits shared by developers of secure code. From taking responsibility to using the best tools available, these habits can help make you a more secure developer.
Protecting Your Code with Visual C++ Defenses https://go.microsoft.com/?linkid=8691662
Read about some of the buffer overrun defenses available in Visual C++ 2005 and beyond.
Discover HelloSecureWorld https://go.microsoft.com/?linkid=8691663
HelloSecureWorld.com provides a powerful experience for promoting security awareness and education in the developer community by surfacing existing content as well as new.
Downloads
Security White Papers
Security white papers that address the specific security needs of particular industries, such as the professional services and financial services industries.
Microsoft Forefront Client Security BPA
Best Practices Analyzer for FCS v1.0
Security Features in Microsoft Online
This white paper describes how the Microsoft concern for security, as defined in the Trustworthy Computing initiative, has driven key features in the design, deployment, and operation of the Microsoft Online Services environment.
Ensuring Security Baseline Compliance using DCM
The Security Compliance Management Beta provides authoritative, supportable tools and prescriptive guidance to help organizations conduct and validate security compliance checks against established baselines from Microsoft.
Starter Group Policy Objects (GPOs)
Starter Group Policy objects (GPOs), introduced in Group Policy for Windows Server 2008, are collections of configured Administrative template (.admx) policy settings that you can use to create a live GPO. Each of the two packages in this download contains four starter GPOs.
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB949037)
Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
Update for Windows Mail Junk E-mail Filter for x64-based Systems [April 2008] (KB905866)
Microsoft® Forefront™ codename "Stirling" Beta
Microsoft® Forefront™ codename "Stirling" is an integrated security system that delivers comprehensive, coordinated protection across endpoints, messaging and collaboration servers and the network edge that is easier to manage and control.
Extended Security Update Inventory Tool
The Extended Security Update Inventory Tool is used to detect security bulletins not covered by MBSA including MS04-028, February 2005 bulletins, and future security bulletins that are exceptions to MBSA.
April 2008 Security Releases ISO Image
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on April 8th, 2008.
Security Development Lifecycle (SDL) Guidance
Windows Server 2008 Security & Compliance Technologies
Microsoft Forefront Security for SharePoint with Service Pack 2
Forefront Security for SharePoint with Service Pack 2 helps business protect their Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 collaboration environments by eliminating documents containing malicious code, confidential information, and inappropriate content.
Security audit events for Microsoft Windows Server 2008 and Microsoft Windows Vista
A list of all security audit events for Windows Server 2008 and Windows Vista
Public Key Infrastructure (PKI) for Security Solutions Datasheet
This offering uses the customer’s existing investments in Microsoft technologies to create an internal PKI solution that corresponds to the customer’s needs.
Foundation Network Companion Guide: Deploying Computer and User Certificates
This companion guide to the Foundation Network Guide provides instructions for deploying client computer and user certificates with Active Directory Certificate Services (AD CS).
Identity Lifecycle Management (ILM) Datasheet
This offering uses Microsoft Identity Integration Server (MIIS) 2003 and best practices to simplify digital identity management and maintain data integrity.
Microsoft Security Intelligence Report (July - December 2007)
Implementing and Administering Certificate Templates in Windows Server 2008
This document provides concepts, procedures, and best practices for designing, administering, and implementing certificate templates.
Internet Security and Acceleration (ISA) Server 2006 180-Day Trial Version
ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing your users with fast and secure remote access to applications and data. ISA Server 2006 is available for download in both Standard Edition and Enterprise Edition.
BitLocker Recovery Password Viewer for Active Directory Users and Computers tool
The Bitlocker Active Directory Recovery Password Viewer helps to locate BitLocker Drive Encryption recovery passwords for Windows Vista- or Windows Server 2008- based computers in Active Directory Domain Services (AD DS).
BitLocker Repair Tool
The BitLocker Repair Tool can assist administrators in recovering data from a corrupted or damaged disk volume that was encrypted with BitLocker.
Group Policy Documentation Survival Guide
This document provides links to documentation and other technical information for Group Policy in Windows Server 2008.
BitLocker Drive Preparation Tool
The BitLocker Drive Preparation Tool configures the hard disk drives in your computer properly to support enabling BitLocker.
Microsoft Exchange Server 2007 Protocol Documentation
The Microsoft Exchange Server 2007 Protocol technical documentation set provides technical specifications for Microsoft protocols, and Microsoft extensions to industry-standard or other published protocols that are implemented and used in Microsoft Exchange Server 2007.
Events/WebCasts
Microsoft Security Webcast Series: Upcoming and On-Demand
Security Webcast Calendar https://go.microsoft.com/fwlink/?LinkId=37910
Find security webcasts listed in an easy-to-use calendar format.
Upcoming Security Webcasts
https://www.microsoft.com/events/security/upcoming.mspx
Register for the following Webcasts on the link above
TechNet Webcast: Information About Microsoft May Security Bulletins (Level 200)
Wednesday, May 14, 2008 11:00 A.M.-12:00 P.M. Pacific Time
IT Manager Webcast: How Microsoft IT Does Patch Management (Level 200)
Thursday, May 22, 2008 11:30 A.M.-12:30 P.M. Pacific Time
TechNet Webcast: Managing Windows Server 2008 with Server Manager (Level 200)
Thursday, May 22, 2008 11:30 A.M.-12:30 P.M. Pacific Time
IT Manager Webcast: How Microsoft IT does Secure Application Development (Level 200)
Thursday, May 29, 2008 11:00 A.M.-12:00 P.M. Pacific Time
On-Demand Security Webcasts
https://www.microsoft.com/events/security/ondemand.mspx
A.O.B
Sign up for the Security Newsletter https://go.microsoft.com/?linkid=8687612
Visit the TechNet Security Centre https://go.microsoft.com/?linkid=8687613